HTML/Infected.WebPage.Gen Malware Que faire ?

Bonjour,

Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

• Double clique sur HJTInstall.exe pour lancer l'installation.
• Clique sur Install.
• Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)
• Accepte la licence en cliquant sur Yes.
• Clique sur Do a system scan and save a logfile.
• Poste ici le rapport généré.

Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Aide : Comment utiliser HijackThis.

Re,

Désinstalle Dameon Tools, tu le résinstalleras sans WhenU.

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

• Lance l'installation du programme en exécutant le fichier téléchargé.
• Double-clique maintenant sur le raccourci de Toolbar-S&D.
• Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
• Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
• Poste le rapport généré. (C:\TB.txt)

Re,

Peux-tu me donner la localisation + le nom du fichier + extension ?

1) Ouvre Spybot , clique sur l'onglet Mode et choisis Mode Avancé
Ne tiens pas compte de l'avertissement
En bas à gauche , clique sur Outils
Toujours dans la colonne de gauche , clique sur Résident ( pas dans la fenêtre centrale )
Et décoche l'option Resident "TeaTimer" (Tu pourras la recocher lorsque nous aurons terminé)

2) Relance Toolbar-S&D en double-cliquant sur le raccourci.

• Choisis cette fois l'option 2 puis valide en appuyant sur Entrée.

! Ne ferme pas la fenêtre lors de la suppression !

• Un rapport sera généré, poste son contenu ici, puis un nouveau rapport HijackThis.

Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau

Voici pour hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:47, on 17/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\Acer Bio-Protection fingerprint solution\PdtWzd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Micro Application\MediaDICO\MediaDico.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Windows\MSAgent\agentsvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\acer\Downloads\HJTInstall.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/y [...] ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/y [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://th.th.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://th.th.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio-Protection fingerprint solution\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\MediaDICO\MediaDICO.exe Lancement
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio-Protection fingerprint solution\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 9628 bytes


merci

Ok pardon j'avais oublie :

Virus or unwanted program 'HTML/Infected.WebPage.Gen [virus]'
detected in file :

'C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache\3A26E2E6d01

'C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache\EBF0B0B9d01

'C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache\DE26A76Ed01'

'C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache\B2E2FA21d01'

'C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache\96B9AA90d01'

'C:\Users\acer\AppData\Local\Mozilla\Firefox\Profiles\r4b4njt2.default\Cache\6CA86BB9d01'

Etc... etc... Yen a toute une tirade mais tout se trouve dans le cache, c'est grave docteur?

Merci

J'ai tout supprime le cache mais les fichiers infestes reapparaissent, bizarre, je pense que c'est une infection pas grave et que je peux vivre avec sinon, merci encore

Salut

voici le rapport :

DDS (Version 1.1.0) - NTFSx86
Run by acer at 0:10:20,98 on 22/12/2008
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Acer\Acer Bio-Protection fingerprint solution\CompPtcVUI.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\agrsmsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\Acer Bio-Protection fingerprint solution\PdtWzd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Micro Application\MediaDICO\MediaDico.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\acer\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Program Files\Yahoo!\Messenger\yupdater.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Page_URL = hxxp://th.th.acer.yahoo.com
mWindow Title =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll
uRun: [Acer Tour Reminder]
uRun: [MediaDico] c:\program files\micro application\mediadico\MediaDICO.exe Lancement
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ALaunch] c:\acer\alaunch\AlaunchClient.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [Acer Tour]
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio-protection fingerprint solution\PdtWzd.exe" show
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [eRecoveryService]
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [SetPanel] c:\acer\apanel\APanel.cmd
mRun: [DaemonTools_WhenUSave_Installer] c:\program files\daemontools_whenusave_installer\DaemonTools_WhenUSave_Installer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Skytel] Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio-protection fingerprint solution\WinNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs: eNetHook.dll
LSA: Notification Packages = scecli c:\program files\acer\acer bio-protection fingerprint solution\PwdFilter

================= FIREFOX ===================

FF - ProfilePath - c:\users\acer\appdata\roaming\mozilla\firefox\profiles\r4b4njt2.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\program files\yahoo!\shared\npYState.dll

============= SERVICES / DRIVERS ===============

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\cyberlink\powerdvd\000.fcl [2007-5-16 13560]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-4-14 50688]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe" [2008-1-11 30312]
S3 apusbsnt;Sierra Wireless USB Modem Device Driver;c:\windows\system32\drivers\apusbsnt.sys [2006-8-24 40832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\system32\drivers\cmo_bus.sys [2007-9-17 58352]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\system32\drivers\cmo_mdfl.sys [2007-9-17 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\system32\drivers\cmo_mdm.sys [2007-9-17 93904]
S3 cmo_serd;Data Modem @ CDMA Second DS Port (WDM);c:\windows\system32\drivers\cmo_serd.sys [2007-9-17 73696]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -sMSSMLBIZ [2008-2-26 29183504]

=============== Created Last 30 ================

2008-12-19 16:50 328,468 a------- C:\karte_mekong_18804.png
2008-12-19 16:49 14,003 a------- C:\Irrawaddy.jpg
2008-12-18 22:23 <DIR> --d----- C:\ToolBar SD
2008-12-17 12:18 <DIR> --d----- c:\users\acer\appdata\roaming\Malwarebytes
2008-12-17 12:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-17 12:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 12:18 <DIR> --d----- c:\programdata\Malwarebytes
2008-12-17 12:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-17 12:18 <DIR> --d----- c:\progra~2\Malwarebytes
2008-12-14 10:25 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2008-12-14 10:25 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-14 10:25 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-12-13 21:41 <DIR> --d----- c:\program files\Studio V5
2008-12-12 08:35 2,048 a------- c:\windows\system32\tzres.dll
2008-12-11 14:44 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-12-11 14:44 296,960 a------- c:\windows\system32\gdi32.dll
2008-11-29 19:17 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-11-28 15:11 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-11-28 15:10 147,456 a------- c:\windows\system32\Faultrep.dll
2008-11-28 15:10 125,952 a------- c:\windows\system32\wersvc.dll
2008-11-28 15:10 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-11-28 15:10 443,392 a------- c:\windows\system32\win32spl.dll

==================== Find3M ====================

2008-11-01 04:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 04:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 04:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 04:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 04:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-11-01 04:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-11-01 02:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 07:29 2,927,104 a------- c:\windows\explorer.exe
2008-10-21 06:25 1,645,568 a------- c:\windows\system32\connect.dll
2008-10-16 21:56 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-10-16 21:55 83,456 a------- c:\windows\system32\wudriver.dll
2008-10-16 08:08 162,064 a------- c:\windows\system32\wuwebv.dll
2008-10-16 07:56 31,232 a------- c:\windows\system32\wuapp.exe
2008-10-16 05:47 827,392 a------- c:\windows\system32\wininet.dll
2008-08-02 14:49 86,016 a------- c:\windows\inf\infstor.dat
2008-08-02 14:49 51,200 a------- c:\windows\inf\infpub.dat
2008-08-02 14:49 143,360 a------- c:\windows\inf\infstrng.dat
2008-06-15 18:14 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-04 08:45 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-10-10 12:20 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2007-10-10 12:20 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2007-10-10 12:20 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 0:12:19,12 ===============

Avec un deuxieme fichiers texte qui s'est ouvert :


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)


Motherboard: Acer, Inc. | | Victoria
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | U2E1 | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 88 GiB total, 27,261 GiB free.
D: is FIXED (NTFS) - 88 GiB total, 78,702 GiB free.
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: isatap.{9781C5E2-19CD-451C-B093-F348A952BCFB}
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink (TM) Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011B1025&REV_02\4&33D89AE1&0&00E2
Manufacturer: Broadcom
Name: Broadcom NetLink (TM) Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011B1025&REV_02\4&33D89AE1&0&00E2
Service: b57nd60x

Class GUID: {4d36e977-e325-11ce-bfc1-08002be10318}
Description: ENE CB-1410/851 Cardbus Controller
Device ID: PCI\VEN_1524&DEV_1410&SUBSYS_011B1025&REV_01\4&1549EFE7&0&08F0
Manufacturer: ENE TECHNOLOGY INC.
Name: ENE CB-1410/851 Cardbus Controller
PNP Device ID: PCI\VEN_1524&DEV_1410&SUBSYS_011B1025&REV_01\4&1549EFE7&0&08F0
Service: pci

Class GUID: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Description: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
Device ID: PCI\VEN_104C&DEV_8024&SUBSYS_011B1025&REV_00\4&1549EFE7&0&48F0
Manufacturer: Texas Instruments
Name: Texas Instruments OHCI Compliant IEEE 1394 Host Controller
PNP Device ID: PCI\VEN_104C&DEV_8024&SUBSYS_011B1025&REV_00\4&1549EFE7&0&48F0
Service: ohci1394

==== System Restore Points ===================


==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Agere Systems HDA Modem
Avira AntiVir Personal - Free Antivirus
Bubble Shooter Deluxe
Business Contact Manager for Outlook 2007 SP1
C-motech Connection Manager(CCU650)
Combined Community Codec Pack 2007-02-22
FileZilla (remove only)
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
GreenBox 1.0
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
MEDIADICO Word - L'Aventure Multimedia
Micro Application - MediaDICO
Microsoft Office 2000 Standard
Microsoft Office 2003 Web Components
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
OpenOffice.org Installer 1.0
Quick Zip 4.60.018
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Synaptics Pointing Device Driver
VLC media player 0.9.2

==== End Of File ===========================

A bientot