Problème infection gen adware [RESOLU]
Forum Sécurité - Virus : Problème infection gen adware [RESOLU]
Bonsoir, voila mon problème est que mon antivirus détecte gen adware et que je n'arrive pas à l'éradiquer.
voici le rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:47, on 05/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Users\Géraldine\Program Files\DNA\btdna.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\program files\relevantknowledge\rlvknlg.exe
C:\Windows\system32\wbem\unsecapp.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx? [...] pire_m3641
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/Ohome_accueil [...] efaultPage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx? [...] pire_m3641
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1680x1050.cmd
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Géraldine\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\GRALDI~1\AppData\Local\Temp\cce5900.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: traduire la page - C:\Users\GRALDI~1\AppData\Local\Temp\cce58EF.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\GRALDI~1\AppData\Local\Temp\cce58FF.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mxl: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mya: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/control [...] oader5.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 10703 bytes
s'il vous plait aider moi.
merci
Message édité par titi13-34 le 05-05-2009 à 23:10:27
Bonjour,
Tu es infecté par RelevantKnowledge.
- Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
- Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
- Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
- Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
- Sélectionne Exécuter un examen rapide.
- Clique sur Rechercher. L'analyse démarre.
- A la fin de l'analyse, un message s'affiche :
| Citation : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. |
- Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
- Ferme tes navigateurs.
- Si des malwares ont été détectés, clique sur Afficher les résultats.
- Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
- MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
Merci de m'aider j'ai suivi la procédure voici le rapport.
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2078
Windows 6.0.6001 Service Pack 1
05/05/2009 20:43:23
mbam-log-2009-05-05 (20-43-23).txt
Type de recherche: Examen rapide
Eléments examinés: 67167
Temps écoulé: 2 minute(s), 28 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
C:\Program Files\RelevantKnowledge\rlservice.exe (Adware.RelevantKnowledge) -> Unloaded process successfully.
c:\program files\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Delete on reboot.
Fichier(s) infecté(s):
C:\Program Files\RelevantKnowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.Marketscore) -> Quarantined and deleted successfully.
Bien.
- Relance MBAM, va dans Quarantaine et supprime tout.
- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
- Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
- Clique sur Continue à l'écran Disclaimer.
- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
Note : les rapports sont sauvegardés dans le dossier C:\rsit.
voici le rapport
Logfile of random's system information tool 1.06 (written by random/random)
Run by Géraldine at 2009-05-05 21:11:36
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 224 GB (74%) free of 300 GB
Total RAM: 3070 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:37, on 05/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Géraldine\Program Files\DNA\btdna.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Géraldine\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Géraldine.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx? [...] pire_m3641
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/Ohome_accueil [...] efaultPage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx? [...] pire_m3641
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1680x1050.cmd
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Géraldine\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\GRALDI~1\AppData\Local\Temp\cce5900.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: traduire la page - C:\Users\GRALDI~1\AppData\Local\Temp\cce58EF.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\GRALDI~1\AppData\Local\Temp\cce58FF.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mxl: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mya: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/control [...] oader5.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 10581 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-14 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-04-07 95536]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-26 5369856]
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2008-01-09 326176]
"PCMMediaSharing"=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-25 204908]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"eRecoveryService"= []
"NVRaidService"=C:\Windows\system32\nvraidservice.exe [2008-06-06 203296]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe []
"Setresolution"=C:\ACERSW\config\1680x1050.cmd []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-25 24064]
"Apanel"=C:\ACERSW\config\NewSetApanel.cmd []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-23 663552]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-04-16 778240]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-04-07 69632]
"TerraTec Remote Control"=C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-14 148888]
"SMSTray"=C:\Program Files\Samsung\EmoDio\SMSTray.exe [2009-03-21 484888]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"BitTorrent DNA"=C:\Users\Géraldine\Program Files\DNA\btdna.exe [2009-02-02 342848]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-03-18 251240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ASETRES.EXE
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
C:\Users\Géraldine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66ba038a-f5e1-11dd-adf8-000b6b9c79d4}]
shell\AutoRun\command - J:\InstallTomTomHOME.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-05-05 21:07:43 ----D---- C:\rsit
2009-05-05 20:37:52 ----D---- C:\Users\Géraldine\AppData\Roaming\Malwarebytes
2009-05-05 20:37:47 ----D---- C:\ProgramData\Malwarebytes
2009-05-05 20:37:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-05 19:15:10 ----D---- C:\Program Files\Trend Micro
2009-05-05 19:07:50 ----D---- C:\Program Files\CCleaner
2009-05-04 22:15:20 ----A---- C:\Windows\system32\CF22803.exe
2009-05-04 22:14:19 ----A---- C:\Windows\system32\CF22431.exe
2009-05-04 22:14:14 ----A---- C:\Windows\system32\swsc.exe
2009-05-04 22:13:26 ----D---- C:\Qoobox
2009-05-04 22:13:24 ----A---- C:\Bug.txt
2009-04-26 15:04:26 ----D---- C:\Program Files\WinRAR
2009-04-25 23:04:22 ----A---- C:\Windows\system32\infocardapi.dll
2009-04-25 23:04:21 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-25 23:04:21 ----A---- C:\Windows\system32\icardres.dll
2009-04-25 23:04:21 ----A---- C:\Windows\system32\icardagt.exe
2009-04-25 23:04:20 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-04-25 23:04:19 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-04-25 23:04:17 ----A---- C:\Windows\system32\PresentationHost.exe
2009-04-25 23:00:44 ----A---- C:\Windows\system32\dfshim.dll
2009-04-25 23:00:43 ----A---- C:\Windows\system32\mscoree.dll
2009-04-25 23:00:42 ----A---- C:\Windows\system32\netfxperf.dll
2009-04-25 23:00:34 ----A---- C:\Windows\system32\mscorier.dll
2009-04-25 23:00:30 ----A---- C:\Windows\system32\mscories.dll
2009-04-25 22:56:18 ----A---- C:\Windows\ODBCINST.INI
2009-04-25 22:22:47 ----D---- C:\Users\Géraldine\AppData\Roaming\Download Manager
2009-04-25 11:06:55 ----A---- C:\Windows\system32\xvidvfw.dll
2009-04-25 11:06:55 ----A---- C:\Windows\system32\xvidcore.dll
2009-04-23 21:11:04 ----HD---- C:\LG3G
2009-04-17 19:54:59 ----A---- C:\Windows\system32\winhttp.dll
2009-04-17 19:54:57 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-17 19:54:57 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-17 19:54:49 ----A---- C:\Windows\system32\rpcss.dll
2009-04-17 19:54:49 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-17 19:54:49 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-17 19:54:48 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-17 19:54:48 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-17 19:54:48 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-17 19:54:48 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-17 19:54:48 ----A---- C:\Windows\system32\iashost.exe
2009-04-17 19:54:48 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-17 19:54:48 ----A---- C:\Windows\system32\iasads.dll
2009-04-17 19:54:45 ----A---- C:\Windows\system32\secur32.dll
2009-04-17 19:54:45 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-17 19:54:45 ----A---- C:\Windows\system32\kernel32.dll
2009-04-17 19:54:45 ----A---- C:\Windows\system32\apilogen.dll
2009-04-17 19:54:45 ----A---- C:\Windows\system32\amxread.dll
2009-04-14 09:28:20 ----A---- C:\Windows\system32\javaws.exe
2009-04-14 09:28:20 ----A---- C:\Windows\system32\javaw.exe
2009-04-14 09:28:20 ----A---- C:\Windows\system32\java.exe
2009-04-14 09:28:20 ----A---- C:\Windows\system32\deploytk.dll
2009-04-12 21:15:08 ----D---- C:\Users\Géraldine\AppData\Roaming\OpenOffice.org
2009-04-12 21:13:29 ----D---- C:\Program Files\JRE
2009-04-12 21:13:23 ----D---- C:\Program Files\OpenOffice.org 3
2009-04-10 22:04:09 ----HD---- C:\Windows\msdownld.tmp
2009-04-10 22:03:08 ----A---- C:\Windows\system32\msls31.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\ieui.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\icardie.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\corpol.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\admparse.dll
2009-04-10 22:03:07 ----A---- C:\Windows\system32\imgutil.dll
2009-04-10 22:03:07 ----A---- C:\Windows\system32\iernonce.dll
2009-04-10 22:03:07 ----A---- C:\Windows\system32\ieakeng.dll
2009-04-10 22:03:07 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-10 22:03:07 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\wextract.exe
2009-04-10 22:03:06 ----A---- C:\Windows\system32\webcheck.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\occache.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\msrating.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\licmgr10.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\inseng.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\iesetup.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\iepeers.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\ieakui.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-10 22:03:05 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-04-10 22:03:05 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-10 22:03:05 ----A---- C:\Windows\system32\mstime.dll
2009-04-10 22:03:05 ----A---- C:\Windows\system32\msfeedssync.exe
2009-04-10 22:03:05 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-10 22:03:05 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-10 22:03:05 ----A---- C:\Windows\system32\advpack.dll
2009-04-10 22:03:04 ----A---- C:\Windows\system32\vbscript.dll
2009-04-10 22:03:04 ----A---- C:\Windows\system32\url.dll
2009-04-10 22:03:04 ----A---- C:\Windows\system32\jscript.dll
2009-04-10 22:03:04 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-10 22:03:03 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\SetDepNx.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\PDMSetup.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\mshta.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\iexpress.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\iesysprep.dll
2009-04-10 22:03:02 ----A---- C:\Windows\system32\wininet.dll
2009-04-10 22:03:02 ----A---- C:\Windows\system32\urlmon.dll
2009-04-10 22:03:02 ----A---- C:\Windows\system32\iertutil.dll
2009-04-10 22:03:02 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-10 22:03:01 ----A---- C:\Windows\system32\mshtml.dll
2009-04-10 22:03:01 ----A---- C:\Windows\system32\ieframe.dll
2009-04-10 09:24:27 ----D---- C:\Windows\Minidump
2009-04-07 12:13:22 ----D---- C:\Program Files\Common Files\AVSMedia
2009-04-07 12:13:14 ----A---- C:\Windows\system32\msxml3a.dll
======List of files/folders modified in the last 1 months======
2009-05-05 21:11:33 ----D---- C:\Windows\Temp
2009-05-05 21:05:02 ----D---- C:\Users\Géraldine\AppData\Roaming\DNA
2009-05-05 20:51:32 ----D---- C:\Windows\inf
2009-05-05 20:51:32 ----AD---- C:\Windows\System32
2009-05-05 20:51:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-05 20:44:31 ----D---- C:\Windows
2009-05-05 20:44:27 ----RD---- C:\Program Files
2009-05-05 20:44:26 ----D---- C:\Windows\system32\drivers
2009-05-05 20:37:47 ----HD---- C:\ProgramData
2009-05-05 19:11:26 ----D---- C:\Windows\Debug
2009-05-04 22:15:20 ----D---- C:\Windows\system32\fr-FR
2009-05-01 22:52:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-01 11:01:54 ----D---- C:\Windows\system32\catroot2
2009-05-01 11:01:51 ----SHD---- C:\System Volume Information
2009-05-01 11:01:38 ----SHD---- C:\Windows\Installer
2009-05-01 11:01:38 ----D---- C:\Program Files\Microsoft
2009-04-30 21:31:08 ----D---- C:\ProgramData\NVIDIA
2009-04-30 21:27:24 ----D---- C:\Windows\system32\catroot
2009-04-30 21:26:28 ----D---- C:\Windows\Prefetch
2009-04-30 21:26:24 ----RSD---- C:\Windows\assembly
2009-04-30 21:14:35 ----D---- C:\Windows\winsxs
2009-04-30 18:58:01 ----D---- C:\ProgramData\Adobe
2009-04-30 18:58:00 ----D---- C:\Program Files\Adobe
2009-04-30 18:57:59 ----D---- C:\Program Files\Common Files\Adobe
2009-04-30 18:56:41 ----D---- C:\Program Files\Common Files
2009-04-29 22:32:10 ----D---- C:\Program Files\Mozilla Firefox
2009-04-26 14:56:08 ----D---- C:\Users\Géraldine\AppData\Roaming\BitTorrent
2009-04-26 09:06:43 ----D---- C:\Windows\Microsoft.NET
2009-04-25 23:43:50 ----D---- C:\Users\Géraldine\AppData\Roaming\Adobe
2009-04-25 23:29:08 ----D---- C:\Windows\rescache
2009-04-25 23:11:05 ----D---- C:\Windows\system32\XPSViewer
2009-04-25 23:11:05 ----D---- C:\Windows\system32\wbem
2009-04-25 23:11:05 ----D---- C:\Windows\system32\en-US
2009-04-25 22:56:49 ----RSD---- C:\Windows\Fonts
2009-04-20 19:11:13 ----D---- C:\Program Files\Samsung
2009-04-20 19:10:20 ----A---- C:\Windows\system32\msvcr71.dll
2009-04-19 21:52:54 ----D---- C:\Users\Géraldine\AppData\Roaming\dvdcss
2009-04-18 08:36:52 ----D---- C:\Program Files\Windows Mail
2009-04-18 08:36:51 ----D---- C:\Windows\system32\manifeststore
2009-04-18 08:36:50 ----D---- C:\Windows\AppPatch
2009-04-14 09:28:02 ----D---- C:\Program Files\Java
2009-04-10 23:19:47 ----D---- C:\Program Files\Internet Explorer
2009-04-10 23:19:45 ----D---- C:\Windows\system32\migration
2009-04-10 23:19:45 ----D---- C:\Windows\PolicyDefinitions
2009-04-10 19:18:04 ----D---- C:\Windows\system32\LogFiles
2009-04-08 13:35:54 ----D---- C:\ProgramData\Microsoft Help
2009-04-08 13:35:47 ----D---- C:\Program Files\Microsoft Office
2009-04-08 13:35:47 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-08 13:35:46 ----D---- C:\Program Files\Microsoft Works
2009-04-08 13:34:56 ----D---- C:\Windows\ShellNew
2009-04-07 19:09:04 ----AD---- C:\ProgramData\TEMP
2009-04-06 16:57:24 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-03-25 137224]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2007-11-06 14544]
R2 zntport;zntport; \??\C:\Windows\system32\drivers\zntport.sys [2007-11-06 6080]
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2009-01-19 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2009-04-07 8832]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-26 2103512]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-04-28 42528]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-07-07 12032]
R3 PRISM_A02;802.11g USB 2.0 adapter; C:\Windows\system32\DRIVERS\PRISMA02.sys [2004-03-30 374816]
R3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-21 6144]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2008-09-02 13056]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2009-04-14 39808]
S3 TTCinergyT2;TerraTec Cinergy T² (BDA); C:\Windows\system32\drivers\TTCinergyT2BDA.sys [2005-10-06 22528]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-06-13 247808]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2007-10-17 28672]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-07 415024]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-03-18 92008]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-04-07 1626112]
S2 RelevantKnowledge;RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe /service []
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-25 24064]
S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-03-17 316664]
-----------------EOF-----------------
merci de ton aide
1/
- Cherche ce fichier : C:\Program Files\Trend Micro\HijackThis\Géraldine.exe
- Clique droit sur ce fichier et choisis Exécuter en tant qu'administrateur.
- Choisis Do a system scan only.
- Coche les cases qui sont devant les lignes suivantes :
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
|
- Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
- Ferme HijackThis.
2/
- Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
- Clique droit sur OTMoveIt3.exe et choisis Exécuter en tant qu'administrateur.
- Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
|
- Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
- Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.
---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
- Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver RelevantKnowledge not found.
Unable to delete service\driver keyRelevantKnowledge.
========== COMMANDS ==========
File delete failed. C:\Users\GRALDI~1\AppData\Local\Temp\etilqs_XN7MbmWJp90BS19TI1TM scheduled to be deleted on reboot.
File delete failed. C:\Users\GRALDI~1\AppData\Local\Temp\~DF5792.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\GRALDI~1\AppData\Local\Temp\~DFF531.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05052009_213432
La procédure avec OTMoveIt n'a pas fonctionné. Il faut désactiver l'UAC.
peux tu m'indiquer comment on le désactive
Clique sur le mot UAC sur mon précédent message.
oki j'avais pas vu voici le nouveau rapport :
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver RelevantKnowledge deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\GRALDI~1\AppData\Local\Temp\etilqs_ZNizLaqyBNTNpzqVPWxP scheduled to be deleted on reboot.
File delete failed. C:\Users\GRALDI~1\AppData\Local\Temp\~DFCDD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\GRALDI~1\AppData\Local\Temp\~DFE0B6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05052009_220411
Files moved on Reboot...
File C:\Users\GRALDI~1\AppData\Local\Temp\etilqs_ZNizLaqyBNTNpzqVPWxP not found!
File C:\Users\GRALDI~1\AppData\Local\Temp\~DFCDD.tmp not found!
C:\Users\GRALDI~1\AppData\Local\Temp\~DFE0B6.tmp moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.
C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\urlclassifier3.sqlite moved successfully.
Ça a fonctionné.
- Refais un scan RSIT et poste le rapport log.
voici le log peux tu me dire si il y a beaucoup de chose a faire encore merci.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Géraldine at 2009-05-05 22:16:08
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 224 GB (74%) free of 300 GB
Total RAM: 3070 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:10, on 05/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Géraldine\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Géraldine\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Géraldine.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx? [...] pire_m3641
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/Ohome_accueil [...] efaultPage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx? [...] pire_m3641
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1680x1050.cmd
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Géraldine\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\GRALDI~1\AppData\Local\Temp\cce5900.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: traduire la page - C:\Users\GRALDI~1\AppData\Local\Temp\cce58EF.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\GRALDI~1\AppData\Local\Temp\cce58FF.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mxl: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mya: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myt: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/control [...] oader5.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 10414 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-14 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-04-07 95536]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-26 5369856]
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2008-01-09 326176]
"PCMMediaSharing"=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-25 204908]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"eRecoveryService"= []
"NVRaidService"=C:\Windows\system32\nvraidservice.exe [2008-06-06 203296]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe []
"Setresolution"=C:\ACERSW\config\1680x1050.cmd []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-25 24064]
"Apanel"=C:\ACERSW\config\NewSetApanel.cmd []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-23 663552]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-04-16 778240]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-04-07 69632]
"TerraTec Remote Control"=C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-14 148888]
"SMSTray"=C:\Program Files\Samsung\EmoDio\SMSTray.exe [2009-03-21 484888]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"BitTorrent DNA"=C:\Users\Géraldine\Program Files\DNA\btdna.exe [2009-02-02 342848]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-03-18 251240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ASETRES.EXE
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
C:\Users\Géraldine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66ba038a-f5e1-11dd-adf8-000b6b9c79d4}]
shell\AutoRun\command - J:\InstallTomTomHOME.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-05-05 21:34:32 ----D---- C:\_OTMoveIt
2009-05-05 21:07:43 ----D---- C:\rsit
2009-05-05 20:37:52 ----D---- C:\Users\Géraldine\AppData\Roaming\Malwarebytes
2009-05-05 20:37:47 ----D---- C:\ProgramData\Malwarebytes
2009-05-05 20:37:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-05 19:15:10 ----D---- C:\Program Files\Trend Micro
2009-05-05 19:07:50 ----D---- C:\Program Files\CCleaner
2009-05-04 22:15:20 ----A---- C:\Windows\system32\CF22803.exe
2009-05-04 22:14:19 ----A---- C:\Windows\system32\CF22431.exe
2009-05-04 22:14:14 ----A---- C:\Windows\system32\swsc.exe
2009-05-04 22:13:26 ----D---- C:\Qoobox
2009-05-04 22:13:24 ----A---- C:\Bug.txt
2009-04-26 15:04:26 ----D---- C:\Program Files\WinRAR
2009-04-25 23:04:22 ----A---- C:\Windows\system32\infocardapi.dll
2009-04-25 23:04:21 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-25 23:04:21 ----A---- C:\Windows\system32\icardres.dll
2009-04-25 23:04:21 ----A---- C:\Windows\system32\icardagt.exe
2009-04-25 23:04:20 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-04-25 23:04:19 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-04-25 23:04:17 ----A---- C:\Windows\system32\PresentationHost.exe
2009-04-25 23:00:44 ----A---- C:\Windows\system32\dfshim.dll
2009-04-25 23:00:43 ----A---- C:\Windows\system32\mscoree.dll
2009-04-25 23:00:42 ----A---- C:\Windows\system32\netfxperf.dll
2009-04-25 23:00:34 ----A---- C:\Windows\system32\mscorier.dll
2009-04-25 23:00:30 ----A---- C:\Windows\system32\mscories.dll
2009-04-25 22:56:18 ----A---- C:\Windows\ODBCINST.INI
2009-04-25 22:22:47 ----D---- C:\Users\Géraldine\AppData\Roaming\Download Manager
2009-04-25 11:06:55 ----A---- C:\Windows\system32\xvidvfw.dll
2009-04-25 11:06:55 ----A---- C:\Windows\system32\xvidcore.dll
2009-04-23 21:11:04 ----HD---- C:\LG3G
2009-04-17 19:54:59 ----A---- C:\Windows\system32\winhttp.dll
2009-04-17 19:54:57 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-17 19:54:57 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-17 19:54:49 ----A---- C:\Windows\system32\rpcss.dll
2009-04-17 19:54:49 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-17 19:54:49 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-17 19:54:48 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-17 19:54:48 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-17 19:54:48 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-17 19:54:48 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-17 19:54:48 ----A---- C:\Windows\system32\iashost.exe
2009-04-17 19:54:48 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-17 19:54:48 ----A---- C:\Windows\system32\iasads.dll
2009-04-17 19:54:45 ----A---- C:\Windows\system32\secur32.dll
2009-04-17 19:54:45 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-17 19:54:45 ----A---- C:\Windows\system32\kernel32.dll
2009-04-17 19:54:45 ----A---- C:\Windows\system32\apilogen.dll
2009-04-17 19:54:45 ----A---- C:\Windows\system32\amxread.dll
2009-04-14 09:28:20 ----A---- C:\Windows\system32\javaws.exe
2009-04-14 09:28:20 ----A---- C:\Windows\system32\javaw.exe
2009-04-14 09:28:20 ----A---- C:\Windows\system32\java.exe
2009-04-14 09:28:20 ----A---- C:\Windows\system32\deploytk.dll
2009-04-12 21:15:08 ----D---- C:\Users\Géraldine\AppData\Roaming\OpenOffice.org
2009-04-12 21:13:29 ----D---- C:\Program Files\JRE
2009-04-12 21:13:23 ----D---- C:\Program Files\OpenOffice.org 3
2009-04-10 22:04:09 ----HD---- C:\Windows\msdownld.tmp
2009-04-10 22:03:08 ----A---- C:\Windows\system32\msls31.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\ieui.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\icardie.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\corpol.dll
2009-04-10 22:03:08 ----A---- C:\Windows\system32\admparse.dll
2009-04-10 22:03:07 ----A---- C:\Windows\system32\imgutil.dll
2009-04-10 22:03:07 ----A---- C:\Windows\system32\iernonce.dll
2009-04-10 22:03:07 ----A---- C:\Windows\system32\ieakeng.dll
2009-04-10 22:03:07 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-10 22:03:07 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\wextract.exe
2009-04-10 22:03:06 ----A---- C:\Windows\system32\webcheck.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\occache.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\msrating.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\licmgr10.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\inseng.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\iesetup.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\iepeers.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\ieakui.dll
2009-04-10 22:03:06 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-10 22:03:05 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-04-10 22:03:05 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-10 22:03:05 ----A---- C:\Windows\system32\mstime.dll
2009-04-10 22:03:05 ----A---- C:\Windows\system32\msfeedssync.exe
2009-04-10 22:03:05 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-10 22:03:05 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-10 22:03:05 ----A---- C:\Windows\system32\advpack.dll
2009-04-10 22:03:04 ----A---- C:\Windows\system32\vbscript.dll
2009-04-10 22:03:04 ----A---- C:\Windows\system32\url.dll
2009-04-10 22:03:04 ----A---- C:\Windows\system32\jscript.dll
2009-04-10 22:03:04 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-10 22:03:03 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\SetDepNx.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\PDMSetup.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\mshta.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\iexpress.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-10 22:03:03 ----A---- C:\Windows\system32\iesysprep.dll
2009-04-10 22:03:02 ----A---- C:\Windows\system32\wininet.dll
2009-04-10 22:03:02 ----A---- C:\Windows\system32\urlmon.dll
2009-04-10 22:03:02 ----A---- C:\Windows\system32\iertutil.dll
2009-04-10 22:03:02 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-10 22:03:01 ----A---- C:\Windows\system32\mshtml.dll
2009-04-10 22:03:01 ----A---- C:\Windows\system32\ieframe.dll
2009-04-10 09:24:27 ----D---- C:\Windows\Minidump
2009-04-07 12:13:22 ----D---- C:\Program Files\Common Files\AVSMedia
2009-04-07 12:13:14 ----A---- C:\Windows\system32\msxml3a.dll
======List of files/folders modified in the last 1 months======
2009-05-05 22:16:06 ----D---- C:\Windows\Temp
2009-05-05 22:15:50 ----D---- C:\Windows\inf
2009-05-05 22:15:50 ----AD---- C:\Windows\System32
2009-05-05 22:15:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-05 22:10:47 ----D---- C:\Users\Géraldine\AppData\Roaming\DNA
2009-05-05 22:09:05 ----HD---- C:\Windows\system32\GroupPolicy
2009-05-05 22:09:05 ----HD---- C:\ProgramData
2009-05-05 22:07:04 ----D---- C:\Program Files\Mozilla Firefox
2009-05-05 22:06:34 ----D---- C:\Program Files\DNA
2009-05-05 20:44:31 ----D---- C:\Windows
2009-05-05 20:44:27 ----RD---- C:\Program Files
2009-05-05 20:44:26 ----D---- C:\Windows\system32\drivers
2009-05-05 19:11:26 ----D---- C:\Windows\Debug
2009-05-04 22:15:20 ----D---- C:\Windows\system32\fr-FR
2009-05-01 22:52:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-01 11:01:54 ----D---- C:\Windows\system32\catroot2
2009-05-01 11:01:51 ----SHD---- C:\System Volume Information
2009-05-01 11:01:38 ----SHD---- C:\Windows\Installer
2009-05-01 11:01:38 ----D---- C:\Program Files\Microsoft
2009-04-30 21:31:08 ----D---- C:\ProgramData\NVIDIA
2009-04-30 21:27:24 ----D---- C:\Windows\system32\catroot
2009-04-30 21:26:28 ----D---- C:\Windows\Prefetch
2009-04-30 21:26:24 ----RSD---- C:\Windows\assembly
2009-04-30 21:14:35 ----D---- C:\Windows\winsxs
2009-04-30 18:58:01 ----D---- C:\ProgramData\Adobe
2009-04-30 18:58:00 ----D---- C:\Program Files\Adobe
2009-04-30 18:57:59 ----D---- C:\Program Files\Common Files\Adobe
2009-04-30 18:56:41 ----D---- C:\Program Files\Common Files
2009-04-26 14:56:08 ----D---- C:\Users\Géraldine\AppData\Roaming\BitTorrent
2009-04-26 09:06:43 ----D---- C:\Windows\Microsoft.NET
2009-04-25 23:43:50 ----D---- C:\Users\Géraldine\AppData\Roaming\Adobe
2009-04-25 23:29:08 ----D---- C:\Windows\rescache
2009-04-25 23:11:05 ----D---- C:\Windows\system32\XPSViewer
2009-04-25 23:11:05 ----D---- C:\Windows\system32\wbem
2009-04-25 23:11:05 ----D---- C:\Windows\system32\en-US
2009-04-25 22:56:49 ----RSD---- C:\Windows\Fonts
2009-04-20 19:11:13 ----D---- C:\Program Files\Samsung
2009-04-20 19:10:20 ----A---- C:\Windows\system32\msvcr71.dll
2009-04-19 21:52:54 ----D---- C:\Users\Géraldine\AppData\Roaming\dvdcss
2009-04-18 08:36:52 ----D---- C:\Program Files\Windows Mail
2009-04-18 08:36:51 ----D---- C:\Windows\system32\manifeststore
2009-04-18 08:36:50 ----D---- C:\Windows\AppPatch
2009-04-14 09:28:02 ----D---- C:\Program Files\Java
2009-04-10 23:19:47 ----D---- C:\Program Files\Internet Explorer
2009-04-10 23:19:45 ----D---- C:\Windows\system32\migration
2009-04-10 23:19:45 ----D---- C:\Windows\PolicyDefinitions
2009-04-10 19:18:04 ----D---- C:\Windows\system32\LogFiles
2009-04-08 13:35:54 ----D---- C:\ProgramData\Microsoft Help
2009-04-08 13:35:47 ----D---- C:\Program Files\Microsoft Office
2009-04-08 13:35:47 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-08 13:35:46 ----D---- C:\Program Files\Microsoft Works
2009-04-08 13:34:56 ----D---- C:\Windows\ShellNew
2009-04-07 19:09:04 ----AD---- C:\ProgramData\TEMP
2009-04-06 16:57:24 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-03-25 137224]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2007-11-06 14544]
R2 zntport;zntport; \??\C:\Windows\system32\drivers\zntport.sys [2007-11-06 6080]
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2009-01-19 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2009-04-07 8832]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-26 2103512]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-04-28 42528]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-07-07 12032]
R3 PRISM_A02;802.11g USB 2.0 adapter; C:\Windows\system32\DRIVERS\PRISMA02.sys [2004-03-30 374816]
R3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-21 6144]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2008-09-02 13056]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2009-04-14 39808]
S3 TTCinergyT2;TerraTec Cinergy T² (BDA); C:\Windows\system32\drivers\TTCinergyT2BDA.sys [2005-10-06 22528]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-06-13 247808]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2007-10-17 28672]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-07 415024]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-03-18 92008]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-04-07 1626112]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-25 24064]
S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-03-17 316664]
-----------------EOF-----------------
| Citation : peux tu me dire si il y a beaucoup de chose a faire encore merci. |
---> On a fait le plus gros.
- Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
- Clique droit sur OTMoveIt3.exe et choisis Exécuter en tant qu'administrateur.
- Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
|
- Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
- Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.
---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
- Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
========== COMMANDS ==========
File delete failed. C:\Users\GRALDI~1\AppData\Local\Temp\etilqs_a5STBMPbOetOda7a4yXC scheduled to be deleted on reboot.
File delete failed. C:\Users\GRALDI~1\AppData\Local\Temp\~DFE321.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\GRALDI~1\AppData\Local\Temp\~DFF516.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05052009_223238
Files moved on Reboot...
File C:\Users\GRALDI~1\AppData\Local\Temp\etilqs_a5STBMPbOetOda7a4yXC not found!
C:\Users\GRALDI~1\AppData\Local\Temp\~DFE321.tmp moved successfully.
File C:\Users\GRALDI~1\AppData\Local\Temp\~DFF516.tmp not found!
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.
C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Géraldine\AppData\Local\Mozilla\Firefox\Profiles\4dal482y.default\urlclassifier3.sqlite moved successfully.
Tu as encore des soucis ?
non plus de message de mon antivirus qui me dit que je suis infecté par gen adware
merci
1/
- Désinstalle HijackThis.
- Télécharge OTCleanIt sur ton Bureau :
- Clique droit sur OTCleanIt et choisis Exécuter en tant qu'administrateur.
- Clique sur CleanUp! puis clique sur Yes à la fenêtre Confirm.
- Redémarre ton PC comme demandé.
2/
- Télécharge et installe CCleaner Slim.
- Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
- Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
- Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).
3/
- Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.
==Prévention==
Réactive l'UAC si ce n'est pas déjà fait.
Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.
Comme navigateur, utilise plutôt Mozilla Firefox qu'Internet Explorer.
Par rapport au P2P : Lien
Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien
==Problème résolu ?==
Si tu estimes que ton problème est résolu :
---> Ajoute maintenant [Résolu] au titre. Pour cela :
- Clique, dans ton premier message, sur le bouton Editer
.
- Rajoute la mention [Résolu] devant le titre.
- Clique ensuite sur Valider votre message.
Sois plus vigilant(e) sur Internet 
Merci beaucoup pour ton aide.
Je vais faire plus attention maintenant.
Bonne soirée.
Il y a 472 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
