Your question

HTML/Infected.WebPage.Gen malware: what to do?

Tags:
  • Acer
  • Security
Last reply: in Security and viruses
17 December 2008 00:21:36



I've caught the virus HTML/Infected.WebPage.Gen Malware. As soon as I open certain web pages, AntiVir warns me, but there is no way to delete it or put it in quarantine. How can I get rid of this virus, please? My PC runs Vista. Thanks a lot! :ange:


17 December 2008 12:32:14

Hello,

Download HijackThis (by Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that has just been created to launch it. (Right-click -> run as administrator if on Vista)
  • Accept the licence by clicking Yes.
  • Click Do a system scan and save a logfile.
  • Post the generated report here.

    Note: the report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
    17 December 2008 22:05:14

    Thank you very much for your very valuable help!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:03:47, on 17/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Acer\Acer Bio-Protection fingerprint solution\PdtWzd.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Micro Application\MediaDICO\MediaDico.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Windows\MSAgent\agentsvr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\acer\Downloads\HJTInstall.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://th.th.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://th.th.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio-Protection fingerprint solution\PdtWzd.exe" show
    O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
    O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\MediaDICO\MediaDICO.exe Lancement
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O20 - AppInit_DLLs: eNetHook.dll
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio-Protection fingerprint solution\WinNotify.dll
    O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

    --
    End of file - 9628 bytes
    18 December 2008 11:07:44

    Re,

    Uninstall Daemon Tools; you can reinstall it without WhenU.

    Download Toolbar-S&D (Team IDN) to your Desktop.

  • Start the program's installation by running the downloaded file.
  • Now double-click the Toolbar-S&D shortcut.
  • Select the language you want by typing the letter of your choice and confirming with the Enter key.
  • Now choose option 1 (Search). Wait until the search has finished.
  • Post the generated report. (C:\TB.txt)
    18 December 2008 22:31:24

    OK, I've removed Daemon Tools but I still have the virus. Here is the Toolbar-S&D report:


    -----------\\ ToolBar S&D 1.2.6 XP/Vista

    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz )
    BIOS : ZU1 v1.3112 3A12
    USER : acer ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:88 Go (Free:27 Go)
    D:\ (Local Disk) - NTFS - Total:88 Go (Free:78 Go)
    E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    F:\ (USB) - FAT32 - Total:3847 Mo (Free:2 Go)

    "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
    Option : [1] ( 18/12/2008|22:25 )

    [ UAC => 1 ]

    -----------\\ Recherche de Fichiers / Dossiers ...


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com/"
    "SEARCH PAGE"="http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com"
    "Search Bar"="http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html"
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=44406"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://th.th.acer.yahoo.com"
    "Default_Page_URL"="http://th.th.acer.yahoo.com"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [ UAC => 1 ]


    1 - "C:\ToolBar SD\TB_1.txt" - 18/12/2008|22:25 - Option : [1]

    -----------\\ Fin du rapport a 22:25:35,54


    Thanks again :)
    19 December 2008 12:10:17

    Re,

    Can you give me the location + the file name + extension?

    1) Open Spybot, click the Mode tab and choose Advanced Mode
    Ignore the warning
    At the bottom left, click Tools
    Still in the left-hand column, click Resident (not in the central window)
    And untick the Resident "TeaTimer" option (you can tick it again once we have finished)

    2) Run Toolbar-S&D again by double-clicking the shortcut.

  • This time choose option 2, then confirm by pressing Enter.
    ! Do not close the window during the removal !
  • A report will be generated; post its contents here, followed by a new HijackThis report.

    If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)"
    Type explorer and confirm. This will bring your desktop back.
    19 December 2008 13:02:47


    -----------\\ ToolBar S&D 1.2.6 XP/Vista

    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz )
    BIOS : ZU1 v1.3112 3A12
    USER : acer ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:88 Go (Free:26 Go)
    D:\ (Local Disk) - NTFS - Total:88 Go (Free:78 Go)
    E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    F:\ (USB) - FAT32 - Total:3847 Mo (Free:2 Go)

    "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
    Option : [2] ( 19/12/2008|13:01 )

    [ UAC => 1 ]

    -----------\\ Recherche de Fichiers / Dossiers ...


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com/"
    "SEARCH PAGE"="http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com"
    "Search Bar"="http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html"
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=44406"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.msn.com/"
    "Default_Page_URL"="http://th.th.acer.yahoo.com"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [ UAC => 1 ]


    1 - "C:\ToolBar SD\TB_1.txt" - 18/12/2008|22:25 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 19/12/2008|13:01 - Option : [2]

    -----------\\ Fin du rapport a 13:01:42,67
    19 December 2008 13:05:40

    Here it is for HijackThis:


    Thanks

    19 December 2008 22:29:53

    Re,

    Can you answer me, please:

    Quote:
    Can you give me the location + the file name + extension?


    (I mean the detected virus you told me about)
    19 December 2008 23:51:23

    OK, sorry, I had forgotten:

    Virus or unwanted program 'HTML/Infected.WebPage.Gen [virus]'
    detected in file :

    'C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache\3A26E2E6d01

    'C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache\EBF0B0B9d01

    'C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache\DE26A76Ed01'

    'C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache\B2E2FA21d01'

    'C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache\96B9AA90d01'

    'C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache\6CA86BB9d01'

    Etc., etc. There's a whole string of them, but everything is in the cache. Is it serious, doctor?

    Thanks

    20 December 2008 13:38:38

    Re,

    Empty this folder: C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache

    Still getting detections?
    20 December 2008 19:53:56

    I deleted everything in the cache but the infected files reappear, strange. I think it's a minor infection and that I can live with it otherwise. Thanks again :)
    21 December 2008 15:32:26

    Download DDS by sUBs to your desktop.
    The tool does not need to be installed.

    Launch it by clicking the dds.scr icon

    This DOS window will appear


    The scan should not take more than three minutes.
    A first report will open, which you should save as DDS.txt (the default) on the desktop.
    You will be asked whether you want to run the optional scan.
    Accept with Yes
    A new report opens, which you save as Attach.txt on the desktop.
    You will only provide it if necessary.
    Post the DDS.txt report
    22 December 2008 00:16:29

    Hi :)

    Here is the report:

    DDS (Version 1.1.0) - NTFSx86
    Run by acer at 0:10:20,98 on 22/12/2008
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Acer\Acer Bio-Protection fingerprint solution\CompPtcVUI.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Acer\ALaunch\ALaunchSvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Acer\Acer Bio-Protection fingerprint solution\PdtWzd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Micro Application\MediaDICO\MediaDico.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\acer\Downloads\dds.scr
    C:\Windows\system32\conime.exe
    C:\Program Files\Yahoo!\Messenger\yupdater.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mDefault_Page_URL = hxxp://th.th.acer.yahoo.com
    mWindow Title =
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
    uRun: [Acer Tour Reminder]
    uRun: [MediaDico] c:\program files\micro application\mediadico\MediaDICO.exe Lancement
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [ALaunch] c:\acer\alaunch\AlaunchClient.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
    mRun: [Acer Tour]
    mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio-protection fingerprint solution\PdtWzd.exe" show
    mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
    mRun: [eRecoveryService]
    mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
    mRun: [SetPanel] c:\acer\apanel\APanel.cmd
    mRun: [DaemonTools_WhenUSave_Installer] c:\program files\daemontools_whenusave_installer\DaemonTools_WhenUSave_Installer.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Skytel] Skytel.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
    mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio-protection fingerprint solution\WinNotify.dll
    Notify: igfxcui - igfxdev.dll
    Notify: spba - c:\program files\common files\spba\homefus2.dll
    AppInit_DLLs: eNetHook.dll
    LSA: Notification Packages = scecli c:\program files\acer\acer bio-protection fingerprint solution\PwdFilter

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\acer\appdata\roaming\mozilla\firefox\profiles\r4b4njt2.default\
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - plugin: c:\program files\yahoo!\shared\npYState.dll

    ============= SERVICES / DRIVERS ===============

    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\cyberlink\powerdvd\000.fcl [2007-5-16 13560]
    R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-4-14 50688]
    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe" [2008-1-11 30312]
    S3 apusbsnt;Sierra Wireless USB Modem Device Driver;c:\windows\system32\drivers\apusbsnt.sys [2006-8-24 40832]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
    S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2007-9-17 58352]
    S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2007-9-17 8304]
    S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2007-9-17 93904]
    S3 cmo_serd;Data Modem @ CDMA Second DS Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [2007-9-17 73696]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -sMSSMLBIZ [2008-2-26 29183504]

    =============== Created Last 30 ================

    2008-12-19 16:50 328,468 a------- C:\karte_mekong_18804.png
    2008-12-19 16:49 14,003 a------- C:\Irrawaddy.jpg
    2008-12-18 22:23 <DIR> --d----- C:\ToolBar SD
    2008-12-17 12:18 <DIR> --d----- c:\users\acer\appdata\roaming\Malwarebytes
    2008-12-17 12:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2008-12-17 12:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-17 12:18 <DIR> --d----- c:\programdata\Malwarebytes
    2008-12-17 12:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2008-12-17 12:18 <DIR> --d----- c:\progra~2\Malwarebytes
    2008-12-14 10:25 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
    2008-12-14 10:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2008-12-14 10:25 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
    2008-12-13 21:41 <DIR> --d----- c:\program files\Studio V5
    2008-12-12 08:35 2,048 a------- c:\windows\system32\tzres.dll
    2008-12-11 14:44 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
    2008-12-11 14:44 296,960 a------- c:\windows\system32\gdi32.dll
    2008-11-29 19:17 1,191,936 a------- c:\windows\system32\msxml3.dll
    2008-11-28 15:11 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
    2008-11-28 15:10 147,456 a------- c:\windows\system32\Faultrep.dll
    2008-11-28 15:10 125,952 a------- c:\windows\system32\wersvc.dll
    2008-11-28 15:10 1,334,272 a------- c:\windows\system32\msxml6.dll
    2008-11-28 15:10 443,392 a------- c:\windows\system32\win32spl.dll

    ==================== Find3M ====================

    2008-11-01 04:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2008-11-01 04:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
    2008-11-01 04:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
    2008-11-01 04:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
    2008-11-01 04:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2008-11-01 04:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2008-11-01 02:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2008-10-29 07:29 2,927,104 a------- c:\windows\explorer.exe
    2008-10-21 06:25 1,645,568 a------- c:\windows\system32\connect.dll
    2008-10-16 21:56 1,524,736 a------- c:\windows\system32\wucltux.dll
    2008-10-16 21:55 83,456 a------- c:\windows\system32\wudriver.dll
    2008-10-16 08:08 162,064 a------- c:\windows\system32\wuwebv.dll
    2008-10-16 07:56 31,232 a------- c:\windows\system32\wuapp.exe
    2008-10-16 05:47 827,392 a------- c:\windows\system32\wininet.dll
    2008-08-02 14:49 86,016 a------- c:\windows\inf\infstor.dat
    2008-08-02 14:49 51,200 a------- c:\windows\inf\infpub.dat
    2008-08-02 14:49 143,360 a------- c:\windows\inf\infstrng.dat
    2008-06-15 18:14 665,600 a------- c:\windows\inf\drvindex.dat
    2008-06-04 08:45 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2007-10-10 12:20 16,384 a--sh--- c:\windows\temp\cookies\index.dat
    2007-10-10 12:20 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
    2007-10-10 12:20 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

    ============= FINISH: 0:12:19,12 ===============

    Along with a second text file that opened:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Version 1.0)


    Motherboard: Acer, Inc. | | Victoria
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | U2E1 | 2001/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 88 GiB total, 27,261 GiB free.
    D: is FIXED (NTFS) - 88 GiB total, 78,702 GiB free.
    E: is CDROM (CDFS)
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: isatap.{9781C5E2-19CD-451C-B093-F348A952BCFB}
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011B1025&REV_02\4&33D89AE1&0&00E2
    Manufacturer: Broadcom
    Name: Broadcom NetLink (TM) Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011B1025&REV_02\4&33D89AE1&0&00E2
    Service: b57nd60x

    Class GUID: {4d36e977-e325-11ce-bfc1-08002be10318}
    Description: ENE CB-1410/851 Cardbus Controller
    Device ID: PCI\VEN_1524&DEV_1410&SUBSYS_011B1025&REV_01\4&1549EFE7&0&08F0
    Manufacturer: ENE TECHNOLOGY INC.
    Name: ENE CB-1410/851 Cardbus Controller
    PNP Device ID: PCI\VEN_1524&DEV_1410&SUBSYS_011B1025&REV_01\4&1549EFE7&0&08F0
    Service: pci

    Class GUID: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
    Description: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
    Device ID: PCI\VEN_104C&DEV_8024&SUBSYS_011B1025&REV_00\4&1549EFE7&0&48F0
    Manufacturer: Texas Instruments
    Name: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
    PNP Device ID: PCI\VEN_104C&DEV_8024&SUBSYS_011B1025&REV_00\4&1549EFE7&0&48F0
    Service: ohci1394

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Agere Systems HDA Modem
    Avira AntiVir Personal - Free Antivirus
    Bubble Shooter Deluxe
    Business Contact Manager for Outlook 2007 SP1
    C-motech Connection Manager(CCU650)
    Combined Community Codec Pack 2007-02-22
    FileZilla (remove only)
    GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
    GreenBox 1.0
    HijackThis 2.0.2
    Intel(R) Graphics Media Accelerator Driver
    Java(TM) 6 Update 7
    Malwarebytes' Anti-Malware
    MEDIADICO Word - L'Aventure Multimedia
    Micro Application - MediaDICO
    Microsoft Office 2000 Standard
    Microsoft Office 2003 Web Components
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.5)
    OpenOffice.org Installer 1.0
    Quick Zip 4.60.018
    Realtek High Definition Audio Driver
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    VLC media player 0.9.2

    ==== End Of File ===========================

    See you soon ;)

    23 December 2008 15:54:33

    Hi again,

    Still getting alerts?

    Run an online antivirus scan at Kaspersky using Internet Explorer.

  • Allow the ActiveX controls.
  • Click Démarrer Online Scanner.
  • Select My Computer as the scan target. Save the report in .txt format.
  • Paste the report here.
  • Post a new HijackThis report.

    Help: How to run an online scan with Kaspersky.