Page publicitaire internet

Question

Bonjour,

J'ai un problème , j'ai une fenêtre publicitaire qui n'arrête pas de s'ouvrir toute seul ( il s'agit d'une publicité pour un site nommé Vbuddy ) et c'est assez énervant =/ si vous pouviez m'aider a trouver comment faire pour qu'elle ne s'ouvre plus , je vous en serais très reconaissant ^^ merci d'avance 



Cordialement

jlpjlp · Answer

slt,

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

WinterMan · Answer

Ok donc voila le log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Windows at 2009-04-09 15:06:34
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 19 GB (26%) free of 71 GB
Total RAM: 3071 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:41, on 09/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32
vraidservice.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32undll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hklm.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Users\Windows\Desktop\f1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Windows\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Windows.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32
vraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: hklm.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: RealtekPCI - Realtek - C:\Program Files\OLITEC\Moniteur WiFi OLITEC\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

WinterMan · Answer

Ok donc voila le log.txt :



Logfile of random's system information tool 1.06 (written by random/random)
Run by Windows at 2009-04-09 15:06:34
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 19 GB (26%) free of 71 GB
Total RAM: 3071 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:41, on 09/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32
vraidservice.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32undll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hklm.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Users\Windows\Desktop\f1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Windows\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Windows.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32
vraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: hklm.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: RealtekPCI - Realtek - C:\Program Files\OLITEC\Moniteur WiFi OLITEC\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

jlpjlp · Answer

désactive le tea timer de sybot (mode puis mode avancé puis outils puis resident)


_______________

analyse ce fichier sur virus total et colle le rapport   https://www.virustotal.com/gui/

C:\Users\Windows\Desktop\f1.exe 


________________


scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

______________________ 

a plus

WinterMan · Answer

Alors avec virus total j'ai analysé f1.exe et ça donne ça :

a-squared 4.0.0.101 2009.04.09 - 
AhnLab-V3 5.0.0.2 2009.04.09 - 
AntiVir 7.9.0.138 2009.04.09 - 
Antiy-AVL 2.0.3.1 2009.04.09 Trojan/Win32.AutoHK 
Authentium 5.1.2.4 2009.04.08 W32/Trojan2.UNJ 
Avast 4.8.1335.0 2009.04.09 - 
AVG 8.5.0.285 2009.04.09 - 
BitDefender 7.2 2009.04.09 - 
CAT-QuickHeal 10.00 2009.04.09 - 
ClamAV 0.94.1 2009.04.09 - 
Comodo 1107 2009.04.09 - 
DrWeb 4.44.0.09170 2009.04.09 - 
eSafe 7.0.17.0 2009.04.07 Suspicious File 
eTrust-Vet 31.6.6447 2009.04.09 - 
F-Prot 4.4.4.56 2009.04.08 W32/Trojan2.UNJ 
F-Secure 8.0.14470.0 2009.04.09 - 
Fortinet 3.117.0.0 2009.04.09 - 
GData 19 2009.04.09 - 
Ikarus T3.1.1.49.0 2009.04.09 - 
K7AntiVirus 7.10.697 2009.04.08 Trojan.Win32.AutoHK.aa 
Kaspersky 7.0.0.125 2009.04.09 - 
McAfee 5578 2009.04.08 - 
McAfee+Artemis 5578 2009.04.08 - 
McAfee-GW-Edition 6.7.6 2009.04.09 - 
Microsoft 1.4502 2009.04.09 - 
NOD32 3997 2009.04.09 - 
Norman 6.00.06 2009.04.09 - 
nProtect 2009.1.8.0 2009.04.09 Trojan-Downloader/W32.Agent.300555 
Panda 10.0.0.14 2009.04.09 - 
PCTools 4.4.2.0 2009.04.08 Worm.AutoRun.BY 
Prevx1 V2 2009.04.09 - 
Rising 21.24.32.00 2009.04.09 Trojan.Win32.Nodef.abd 
Sophos 4.40.0 2009.04.09 - 
Sunbelt 3.2.1858.2 2009.04.09 - 
Symantec 1.4.4.12 2009.04.09 - 
TheHacker 6.3.4.0.305 2009.04.09 Trojan/AutoHK.k 
TrendMicro 8.700.0.1004 2009.04.09 - 
VBA32 3.12.10.2 2009.04.09 - 
ViRobot 2009.4.7.1686 2009.04.09 Trojan.Win32.Autorun.201407 
VirusBuster 4.6.5.0 2009.04.09 - 


Information additionnelle 
File size: 201466 bytes 
MD5...: 97e634c62c379cf30175ea70a1472903 
SHA1..: 9e0df59decd0944eca3a9ea46563d4c1763b54a0 
SHA256: c20a868e0836fe4cbbd54c9b7d8f0912ff46d0b5ef564e085b81f8ff8858d121 
SHA512: e1b11964a18e3d976cf12d16f39bf5dec98e080af1d11cdc25ffb46b255be9f3
9f990023eb4a6f38a5c6e2e429c5d7807cb8f34c4a935ba28affc4167e1f6602 
ssdeep: 3072:ixha8v34ll1YKxSBk6q0Alg0d2Xr4DqtZnhH0Kxrm0FArGHElMl8XEIQFVp
1LSZm:WakmbDMLcu0e9CwKQigIQFV3LzrzoSGS
 
PEiD..: UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser 
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6e9e0
timedatestamp.....: 0x46d419ac (Tue Aug 28 12:48:44 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x3f000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x40000 0x30000 0x2f600 8.00 176b1b2bbf559ce04dd8657fdecb9734
.rsrc 0x70000 0x2000 0x1800 4.80 1a99c06a951d3fee2c490b576dc82668

( 12 imports ) 
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: -
> comdlg32.dll: GetOpenFileNameA
> GDI32.dll: BitBlt
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueA
> WINMM.dll: mixerOpen
> WSOCK32.dll: -

( 0 exports ) 
 
RDS...: NSRL Reference Data Set
- 
packers (Kaspersky): UPX 




Apré avec malware j'ai fait une analyse ,  et malware a rien trouvé mais jte colle quand meme le rapport de l'examen complet de mon ordi :

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1958
Windows 6.0.6001 Service Pack 1

09/04/2009 18:19:14
mbam-log-2009-04-09 (18-19-14).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 191143
Temps écoulé: 34 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Juste par curiosité , pourquoi m'as tu demandé d'analyser C:\Users\Windows\Desktop\f1.exe  et pas autre chose ?

jlpjlp · Answer

Juste par curiosité , pourquoi m'as tu demandé d'analyser C:\Users\Windows\Desktop\f1.exe et pas autre chose ?

par habitude, celui ci me parraissait infecté :)

fais ceci:

Télécharge et installe UsbFix de C_XX & Chiquitine29

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir</gras>

# Double clic sur le raccourci UsbFix présent sur ton bureau .

# Choisi l option 1 ( Recherche )

# Laisse travailler l outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

WinterMan · Answer

voila le raport :


############################## [ UsbFix V3.005 ] 

# User : Windows (Administrateurs) # PC-DE-WINDOWS
# Update on 08/04/09 by C_XX & Chiquitine29
# Start at: 19:42:53 | 09/04/2009

# Intel(R) Pentium(R) Dual  CPU  E2180  @ 2.00GHz
# Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1229 [VPS 090409-0] 4.8.1229 [ Enabled | Updated ]

# C:\ # Disque fixe local # 69,77 Go (18,32 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 69,52 Go (69,43 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM # 0 Mo (0 Mo free) [Audio CD] # CDFS
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
 
############################## [ Processus actifs ] 
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32undll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32	askeng.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Windows\System32
vraidservice.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32undll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\OLITEC\Moniteur WiFi OLITEC\RtlService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\OLITEC\Moniteur WiFi OLITEC\RtWlan.exe
C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hklm.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Windows\Desktop\f1.exe
C:\Program Files\World of Warcraft\WoW.exe
C:\Users\Windows\Desktop\WoWEmuHacker5.exe
C:\Windows\system32\conime.exe

################## [  Registre # Startup ] 

HKCU_Main:  "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF" 
HKCU_Main:  "Start Page"="https://www.google.fr/?gws_rd=ssl" 
HKLM_logon: "Userinit"="C:\Windows\system32\userinit.exe," 
HKLM_Run:    Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide 
HKLM_Run:    RtHDVCpl=RtHDVCpl.exe 
HKLM_Run:    Acer Empowering Technology Monitor=C:\Acer\Empowering Technology\SysMonitor.exe 
HKLM_Run:    eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe 
HKLM_Run:    PCMMediaSharing=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe 
HKLM_Run:    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
HKLM_Run:    WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe 
HKLM_Run:    eRecoveryService= 
HKLM_Run:    NVRaidService=C:\Windows\system32
vraidservice.exe 
HKLM_Run:    SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe" 
HKLM_Run:    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
HKLM_Run:    NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup 
HKLM_Run:    NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background  
HKCU_Run:    Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized  
HKCU_Run:    swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe  
HKCU_Run:    SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe  
HKLM_System: "FilterAdministratorToken"=dword:00000000 
HKLM_System: "EnableLUA"=dword:00000000 

################## [ Informations ] 
 

################## [ Fichiers # Dossiers infectieux ] 

 
################## [ Registre # Clés infectieuses ] 
 
# -> Not Found !  
 
################## [ Registre # Mountpoint2 ] 
 
# -> Not Found !  

################## [ ! Fin du rapport # UsbFix V3.005 ! ]

jlpjlp · Answer

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection): 

- Va dans démarrer puis panneau de configuration 
- Double Clique sur l'icône "Comptes d'utilisateurs" 
- Clique ensuite sur désactiver et valide. 


télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau. 


déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

WinterMan · Answer

Voila c'est fait , je te mets le raport obtenu :

ComboFix 09-04-04.01 - Windows 2009-04-09 20:41:30.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3071.1919 [GMT 2:00]
Lancé depuis: c:\users\Windows\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 090409-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-09 au 2009-04-09 ))))))))))))))))))))))))))))))))))))
.

2009-04-09 19:18 . 2009-04-09 19:42 <REP> d-------- C:\UsbFix
2009-04-09 17:44 . 2009-04-09 17:44 <REP> d-------- c:\users\Windows\AppData\Roaming\Malwarebytes
2009-04-09 17:44 . 2009-04-09 17:44 <REP> d-------- c:\users\All Users\Malwarebytes
2009-04-09 17:44 . 2009-04-09 17:44 <REP> d-------- c:\programdata\Malwarebytes
2009-04-09 17:44 . 2009-04-09 17:44 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-09 17:44 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-09 17:44 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-09 15:06 . 2009-04-09 15:06 <REP> d-------- C:\rsit
2009-04-09 14:28 . 2009-04-09 14:28 <REP> d-------- c:\program files\Trend Micro
2009-04-08 22:14 . 2009-04-08 22:14 <REP> d-------- c:\program files\CamStudio
2009-04-08 21:32 . 2009-04-08 21:32 <REP> d-------- c:\program files\Panda Security
2009-04-08 16:53 . 2009-04-08 18:06 <REP> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-04-08 16:53 . 2009-04-08 18:06 <REP> d-------- c:\programdata\Spybot - Search & Destroy
2009-04-08 16:53 . 2009-04-08 16:53 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-04-08 16:09 . 2009-04-08 16:10 <REP> d-------- c:\users\All Users\Lavasoft
2009-04-08 16:09 . 2009-04-08 16:10 <REP> d-------- c:\programdata\Lavasoft
2009-04-08 16:09 . 2009-04-08 16:09 <REP> d-------- c:\program files\Lavasoft
2009-04-08 13:25 . 2009-04-08 13:25 <REP> d-------- c:\program files\ToniArts
2009-03-19 20:58 . 2009-03-19 20:58 <REP> d-------- c:\users\Windows\yf
2009-03-17 22:49 . 2009-03-17 22:49 <REP> d-------- c:\program files\alaplaya
2009-03-17 17:54 . 2009-03-17 17:59 <REP> d-------- c:\program files\Look@LAN
2009-03-17 17:54 . 2009-03-17 17:54 720,896 --a------ c:\windows\iun6002.exe
2009-03-17 17:49 . 2009-03-17 17:49 <REP> d-------- c:\windows\Sun
2009-03-16 18:24 . 2009-03-16 18:24 <REP> d-------- c:\program files\ZqWare
2009-03-16 18:06 . 2009-03-16 18:06 <REP> d-------- c:\users\Windows\AppData\Roaming\ZqWare
2009-03-16 17:59 . 2009-03-16 17:59 <REP> d-------- c:\program files\AF Software
2009-03-15 21:52 . 2009-03-15 21:52 <REP> d-------- c:\users\All Users\eMule
2009-03-15 21:52 . 2009-03-15 21:52 <REP> d-------- c:\programdata\eMule
2009-03-15 21:52 . 2009-03-15 21:52 <REP> d-------- c:\program files\eMule
2009-03-11 14:40 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 14:40 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 14:40 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 14:40 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 14:40 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 14:40 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 18:41 786,432 --sha-w c:\users\Invité\NTUSER.DAT
2009-04-09 18:41 786,432 --sha-w c:\users\Invité\NTUSER.DAT
2009-04-09 18:36 --------- d-----w c:\program files\Oxygene V14a
2009-04-09 12:04 --------- d-----w c:\users\Windows\AppData\Roaming\Skype
2009-04-09 11:55 --------- d-----w c:\program files\Acer GameZone
2009-04-09 11:26 --------- d---a-w c:\programdata\TEMP
2009-04-09 08:10 --------- d-----w c:\users\Windows\AppData\Roaming\skypePM
2009-04-08 14:23 --------- d-----w c:\program files\World of Warcraft
2009-04-08 14:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-08 11:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 17:33 --------- d-----w c:\program files\Gravity
2009-03-16 16:26 1,242 ----a-w c:\users\Windows\AppData\Roaming\wklnhst.dat
2009-03-12 11:29 --------- d-----w c:\program files\Windows Mail
2009-03-06 18:02 --------- d-----w c:\program files\IP Changer
2009-03-03 16:32 --------- d-----w c:\users\Windows\AppData\Roaming\PeerNetworking
2009-02-23 19:32 --------- d-----w c:\program files\Google
2009-02-23 18:38 --------- d-----w c:\users\Windows\AppData\Roaming\Yahoo!
2009-02-23 18:38 --------- d-----w c:\programdata\Yahoo! Companion
2009-02-23 15:59 --------- d-----w c:\users\Windows\AppData\Roaming\OpenOffice.org
2009-02-23 15:50 --------- d-----w c:\programdata\Skype
2009-02-23 15:50 --------- d-----w c:\program files\Common Files\Skype
2009-02-23 15:50 --------- d-----r c:\program files\Skype
2009-02-14 13:26 --------- d-----w c:\program files\WarRock
2009-02-14 09:48 --------- d-----w c:\programdata\Messenger Plus!
2009-02-10 19:50 --------- d-----w c:\users\Windows\AppData\Roaming\teamspeak2
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2009-01-13 06:52 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 00:38 121392 --a------ c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 196128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-13 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 c:\windows\RtHDVCpl.exe]

c:\users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hklm.exe [2009-01-23 68096]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-04-14 20480]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-21 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0590D135-20CF-4616-83A2-B4D64D7A7ADC}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{40F60C6C-DD8E-40B8-AB34-5061C567E010}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{EC714915-D3A6-43D3-B785-23155F4ED9A6}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{8FB6D042-3CF4-407D-A2E9-A1CE05C41456}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{542BA28B-703D-48DB-B83F-94E757E578BF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{B34DAF09-668F-41FD-94EB-A7A892360F5C}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{A924C65E-76C0-4E34-9E09-9FC3F7E6691A}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{F051E17E-51EF-4830-B367-F6DA497077E5}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{F158742F-48F9-4833-8369-7CBA8CC22457}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{5B889CCC-8E88-4EC8-B035-E41E2049034A}"= UDP:c:\program files\OLITEC\Moniteur WiFi OLITEC\RtWLan.exe:RtWlan
"{4FEF3002-0F1B-4E85-A48F-B3D63153ACCC}"= TCP:c:\program files\OLITEC\Moniteur WiFi OLITEC\RtWLan.exe:RtWlan
"{53811A75-1CEA-4AAB-B963-D74A968E1643}"= UDP:1542:Realtek WPS TCP Prot
"{3DE4A599-ABF5-4C78-BB23-D4A11A74D723}"= TCP:1542:Realtek WPS UDP Prot
"{8F243857-CFC8-4DDF-AE9C-55A5A8026ECD}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{FF3A7044-7BB2-4D24-81E6-C4FAE4BC0BD7}c:\\users\\windows\\desktop\\instalations\\burning-crusade.exe"= UDP:c:\users\windows\desktop\instalations\burning-crusade.exe:burning-crusade.exe
"UDP Query User{0C1CCD41-1F94-4011-A5C2-C774D3BBC224}c:\\users\\windows\\desktop\\instalations\\burning-crusade.exe"= TCP:c:\users\windows\desktop\instalations\burning-crusade.exe:burning-crusade.exe
"TCP Query User{2C8E0C96-8D2A-4B38-8177-4FDC9D2EB265}c:\\users\\windows\\desktop\\burning-crusade.exe"= UDP:c:\users\windows\desktop\burning-crusade.exe:burning-crusade.exe
"UDP Query User{7B6DBB92-5495-4FA8-8774-6C31F6AEA733}c:\\users\\windows\\desktop\\burning-crusade.exe"= TCP:c:\users\windows\desktop\burning-crusade.exe:burning-crusade.exe
"TCP Query User{1DFF9486-B596-46E1-91C6-8920A5D11779}c:\\users\\windows\\desktop\\instalations\\wow.exe"= UDP:c:\users\windows\desktop\instalations\wow.exe:wow.exe
"UDP Query User{E021F2F1-F796-4942-ADF7-BF5B2C4A21D4}c:\\users\\windows\\desktop\\instalations\\wow.exe"= TCP:c:\users\windows\desktop\instalations\wow.exe:wow.exe
"TCP Query User{0CBF5E6F-61D2-4574-A847-CFCACFC0DA7C}c:\\users\\windows\\desktop\\wow.exe"= UDP:c:\users\windows\desktop\wow.exe:wow.exe
"UDP Query User{665B49FF-AE11-43A3-90AE-46C63691532E}c:\\users\\windows\\desktop\\wow.exe"= TCP:c:\users\windows\desktop\wow.exe:wow.exe
"{2A618F8F-D0D5-4C20-88A3-6F7D55C5B1C2}"= UDP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{3FA1BE47-12B0-43AF-A530-5DE009D06EED}"= TCP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{B04D3152-0530-4266-B722-A0DE0114F2E1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B8B733CE-27FE-4C55-BDC0-E53CE81A6B7C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{16BA3696-9A9C-4807-B87E-1C66C8B89FEB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{07570B7D-9151-41BA-BFEE-0E1E1CC9376A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{024101D7-FDE0-4DA0-B4E2-AC88CC13229E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0B7708F8-F9C4-4265-9DA7-09CB6A704FED}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CE2B6DEE-0FE0-4AA3-84E9-E68E67252879}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EB7D0634-2111-4645-BA23-5503E213CB5F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7D965F4E-38A4-4447-B702-216701920882}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{ED2557FA-6B19-4A33-981E-CB0A57773B1A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6E5CFD41-88A8-494E-8368-9AE7763B2A6D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7351AC21-5A4C-43E6-B52B-1DF727A2335F}c:\\program files\\proxomitron naoko-4\\proxomitron.exe"= UDP:c:\program files\proxomitron naoko-4\proxomitron.exe:The Proxomitron
"UDP Query User{3C483E5E-649E-4A2C-A779-0DDC896B12F6}c:\\program files\\proxomitron naoko-4\\proxomitron.exe"= TCP:c:\program files\proxomitron naoko-4\proxomitron.exe:The Proxomitron
"{70315EC3-91CB-4B9E-9E65-B76A20A19EE6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{425C8D9A-6368-4775-80CD-7B229A61A9DC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D2079112-D40B-4408-ADC3-64516AD9DBE6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{48150574-47A3-4AF2-BDD4-9D7CB6C18608}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0C9FCBEB-52A2-4A27-9015-7BF8E6707130}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{60DAAE29-20BC-4863-8972-52F15D72DB48}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DF8CB950-716B-4284-B494-172148F0E7BB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A33E76FA-862F-4496-92AD-23A93CC0B1DA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EFEAC5C7-1355-4C05-AE8D-0AA3617DFA36}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2553D236-041E-42C9-8FA0-A46E32EB6D2B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C24E0D89-914F-4E6C-8F38-7C3A98517308}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A27F45B1-D759-45E9-B6E4-4874DB34A744}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EB143692-2298-4C15-BE32-86B6689F8030}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{6FF4B2BF-B06D-4BD3-A957-7A034FC2E015}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1B495CC9-4C87-4D76-ACC7-CD345E032FB9}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{0D8CF410-AF14-41BC-BC24-90850BE866B7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{CB950D31-A454-486A-8724-84058EC0823D}c:\\program files\\look@lan\\lookatlan.exe"= UDP:c:\program files\look@lan\lookatlan.exe:Look@LAN
"UDP Query User{B1EF0A5A-8AD1-4884-813B-BD6D99DF7AFA}c:\\program files\\look@lan\\lookatlan.exe"= TCP:c:\program files\look@lan\lookatlan.exe:Look@LAN
"TCP Query User{A6DC0DC2-9762-4585-8778-409FD87107C4}c:\\program files\\look@lan\\lookathost.exe"= UDP:c:\program files\look@lan\lookathost.exe:Look@HOST
"UDP Query User{48E35492-FFB6-4C7A-9AAC-FECBD1CC1B5E}c:\\program files\\look@lan\\lookathost.exe"= TCP:c:\program files\look@lan\lookathost.exe:Look@HOST
"{D653AB07-73E5-4510-B353-8511AFD731C9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C9B16B86-4A07-4A40-9E26-638819EB8325}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C77F5A37-BA4C-4949-AD3B-AC0F9557F2C4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E3246919-7ADB-4502-80A8-ED1677FF7FFB}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{A95CB535-C763-401E-BABF-2EC39B71A792}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"{AF272D76-95CD-49F3-B812-BA47184AF1C2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{16D051ED-321C-4232-9D8C-37574A2E695A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{507720A5-E4E9-446F-9746-8F31E0044411}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E9AF4F00-CF1B-47A7-BEEB-90DEFA8431F9}"= Disabled:UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{7C7FDE96-246A-41D7-945F-18F8D00F86EC}"= Disabled:TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-13 78416]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [2009-01-14 25896]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-03-21 269448]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-13 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-13 51280]
R2 RealtekPCI;RealtekPCI;c:\program files\OLITEC\Moniteur WiFi OLITEC\RtlService.exe [2009-01-14 36864]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-04-08 1153368]
S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-03-21 30752]
S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\System32\drivers\RTL85n86.sys [2008-03-21 361472]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-eRecoveryService - (no file)

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://fr.fr.acer.yahoo.com
FF - ProfilePath - c:\users\Windows\AppData\Roaming\Mozilla\Firefox\Profiles\qedw3xpd.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 20:43:29
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(5540)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Heure de fin: 2009-04-09 20:45:07
ComboFix-quarantined-files.txt 2009-04-09 18:44:58

Avant-CF: 19 319 255 040 octets libres
Après-CF: 19,286,417,408 octets libres

247 --- E O F --- 2009-04-07 13:29:44

Hop ^^ j'espere que tu va trouver ce qui va pas parce que ça m'énerve toutes ces manip ^^

jlpjlp · Answer

télécharge OTMoveIt 
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved. 
(attention bien mettre :files)

:files
C:\Users\Windows\Desktop\f1.exe


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 
________________________

initialise internet explorer
https://www.pcastuces.com/newsletter/adj/1943.htm

_______________________
vire firefox et mets cette version:
http://www.mozilla-europe.org/fr/firefox/



encore des pubs?

Page publicitaire internet

10 réponses

Votre réponse

Newsletters