Dersou1

Members
  • Content count: 50
Everything posted by Dersou1

  1. Hello, I created a 16x16 icon that I would like to be able to insert into my email subject lines (Gmail). For that, I'm looking for how to add this icon to the ones that appear on the emoji keyboard (Win + ;). Does anyone know how to do it? Thanks in advance 😁
  2. Yes of course, a big thank you to you!!! One small question: you removed Hotspot Shield, which is supposed to be a public VPN. For what reason, please? Thanks again for your help.
  3. Good evening. Here are the results of the operations. 1) ZHPFixReport file © CJoint.com, 2012 2) jrt file CJoint.com, 2012 Thanks for the help
  4. And here it is: pjjoint.malekal.com - Submit a file Thanks = = = = =
  5. Hello. I just ran a quick Zeb Help scan and was quite surprised to discover that I'm infected. Thinking about it, that may be why Chrome has been so slow for some time. I thought it came from problems connecting to my account (I have several and it gets them mixed up). So here are the offending lines: [MD5.84B2BB8DDED256A2782401EE154951D8] - (.Google Inc. - Google Chrome.) -- E:\2go\LiberKey\Apps\Chrome\App\chrome\chrome.exe [1248208] => Infection Diverse (Trojan.Dropper) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job => Infection Diverse (Trojan.Keygen) O44 - LFC:[MD5.FA7547D815506AD6A150838852E1F805] - 08/02/2013 - 12:43:01 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SurCode.INI [21] => Infection Diverse (Trojan.Agent) O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- E:\2go\LiberKey\Apps\Chrome\App\chrome\chrome.exe => Infection Diverse (Trojan.Dropper) Malware (4) I ran Malwarebytes Anti-Malware and it found nothing. Thanks for your help.
  6. There are no more files being created continuously in windows\temp. As far as I'm concerned, you found and beat the virus. The PC is an ACER Aspire One D250-OBr. I suppose the touchpad driver needs to be reinstalled? I'm going to remove the various programs we installed and give the PC back to my daughter with a few recommendations on the use of USB keys. Usb-set is now permanently installed on her PC and all its defenses are enabled. Thanks again for your help, and congratulations on your patience with me and your very clear explanations :P
  7. I had to disable Avira to be able to download and run sUBS's Flash Disinfector. Everything went fine and the desktop came back on its own. However, I don't know whether it did anything to the USB keys previously vaccinated by Usb-Set? Below, the ComboFix report: ComboFix 10-04-12.06 - Rkl305 14/04/2010 11:13:23.4.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.595 [GMT 2:00] Lancé depuis: c:\documents and settings\Rkl305\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-14 au 2010-04-14 )))))))))))))))))))))))))))))))))))) . 2010-04-08 17:57 . 2010-04-08 22:36 -------- d-----w- C:\Papa 2010-04-06 20:39 . 2010-04-13 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\usb-set 2010-04-06 20:39 . 2010-04-13 18:09 -------- d-----w- c:\program files\USB-set 2010-04-06 18:21 . 2010-04-06 18:21 -------- d-----w- c:\documents and settings\Rkl305\Application Data\Malwarebytes 2010-04-06 18:20 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-06 18:20 . 2010-04-06 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-06 18:20 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-06 17:24 . 1999-01-20 03:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL 2010-04-06 17:24 . 2010-04-06 17:24 -------- d-----w- c:\program files\Fichiers communs\Borland Shared 2010-03-31 17:26 . 2010-03-31 17:28 -------- d-----w- c:\documents and settings\Rkl305\Local Settings\Application Data\Temp 2010-03-31 16:30 . 2010-04-14 08:50 -------- d-----w- c:\documents and settings\Rkl305\Tracing 2010-03-31 16:24 . 2010-03-31 16:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2010-03-31 16:21 . 
2010-03-31 16:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-14 08:57 . 2009-03-13 10:27 81816 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-14 08:57 . 2009-03-13 10:27 502688 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-11 12:57 . 2009-12-24 18:45 -------- d-----w- c:\program files\Utilities 2010-04-09 07:00 . 2009-06-09 03:24 60672 ----a-w- c:\documents and settings\Rkl305\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-09 06:03 . 2009-12-25 11:09 -------- d-----w- c:\program files\Microsoft Silverlight 2010-04-08 21:31 . 2009-03-13 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-31 16:21 . 2009-03-13 02:49 -------- d-----w- c:\program files\Google 2010-02-25 06:17 . 2009-03-13 10:27 916480 ------w- c:\windows\system32\wininet.dll 2010-02-12 10:03 . 2010-04-11 11:10 293376 ----a-w- c:\windows\system32\browserchoice.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824] "avgnt"="c:\program files\Utilities\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-13 565248] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Rkl305^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk] backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-09-04 11:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] 2006-01-25 10:45 53248 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2009-03-13 02:49 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2008-04-15 16:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2008-12-30 07:09 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-02-24 07:40 17529856 ----a-w- c:\windows\RTHDCPL.EXE [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Utilities\\Assistant\\DSAssistant.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Utilities\Avira\AntiVir Desktop\sched.exe [24/12/2009 20:48 108289] R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [13/03/2009 05:16 237568] R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/03/2009 05:03 49664] R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [25/03/2009 06:52 145408] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/03/2010 18:21 135664] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/03/2009 04:37 1684736] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/03/2009 04:49 24064] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [13/03/2009 04:35 162816] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contenu du dossier 'Tâches planifiées' 2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 16:21] 2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 16:21] 2010-04-14 c:\windows\Tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=0609&m=aspire_one uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=0609&m=aspire_one IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html . . ------- Associations de fichier ------- . txtfile\shell\ab_notepad\command="d:\prog\LiberKeyAmanda\Apps\Notepad++\Notepad++LKL.exe" "%1" inifile\shell\ab_notepadpp_open\command="d:\prog\LiberKeyAmanda\Apps\Notepad++\Notepad++LKL.exe" "%1" . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-14 11:17 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(3376) c:\windows\system32\btmmhook.dll c:\windows\system32\webcheck.dll c:\windows\system32\eappprxy.dll . Heure de fin: 2010-04-14 11:19:00 ComboFix-quarantined-files.txt 2010-04-14 09:18 ComboFix2.txt 2010-04-11 17:06 Avant-CF: 139 765 272 576 octets libres Après-CF: 139 732 357 120 octets libres - - End Of File - - 1713D53F6BAF43130AE8AB78D083D8FD PS: I resynchronized the PC clock; the touchpad still doesn't work...
  8. OK, I'll do all that this evening. Just one question: I installed Usb-set on the PC and enabled all its defenses (resident, no automatic recognition of media, ...). Usb-set also vaccinates all media. Isn't Flash Disinfector redundant? Looking forward to your reply.
  9. And here is the GMER file: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-04-13 19:56:46 Windows 5.1.2600 Service Pack 3 Running: Rkl305.exe; Driver: C:\DOCUME~1\Rkl305\LOCALS~1\Temp\kgrcyaog.sys ---- System - GMER 1.0.15 ---- SSDT EE34E1C6 ZwCreateKey SSDT EE34E1BC ZwCreateThread SSDT EE34E1CB ZwDeleteKey SSDT EE34E1D5 ZwDeleteValueKey SSDT EE34E1DA ZwLoadKey SSDT EE34E1A8 ZwOpenProcess SSDT EE34E1AD ZwOpenThread SSDT EE34E1E4 ZwReplaceKey SSDT EE34E1DF ZwRestoreKey SSDT EE34E1D0 ZwSetValueKey SSDT EE34E1B7 ZwTerminateProcess ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- I think you've gotten the better of it. The PC has now been running for more than 10 minutes and there is no longer any xxxx.tmp folder in the Windows\temp folder. Congratulations!!! And above all, thank you :P
  10. Now, the result of the Run Scan. My version isn't the one in your image but the one in the previous image. I don't have an "All users" checkbox. I used the same configuration as in point 2 of your post from Sunday 11 April 2010 at 21:13. OTL logfile created on: 4/13/2010 6:13:08 PM - Run OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1,014.00 Mb Total Physical Memory | 824.00 Mb Available Physical Memory | 81.00% Memory free 902.00 Mb Paging File | 835.00 Mb Available in Paging File | 93.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 142.05 Gb Total Space | 130.08 Gb Free Space | 91.58% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive X: | 1.95 Gb Total Space | 1.62 Gb Free Space | 83.06% Space Free | Partition Type: FAT Computer Name: REATOGO Current User Name: SYSTEM Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2009/12/24 14:54:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Utilities\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/12/24 14:54:34 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Utilities\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/03/30 11:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/03/12 22:49:24 | 000,024,064 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-080708-050100) SRV - [2009/02/05 03:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2008/11/03 20:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/04/15 12:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2006/10/26 09:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2009/12/24 14:54:34 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/12/24 14:54:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/11/13 04:43:50 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2009/03/30 05:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/24 04:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/02/13 07:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Utilities\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/02/05 06:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2009/02/03 02:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009/01/02 13:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv) DRV - [2008/12/29 23:02:32 | 001,346,464 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008/04/15 05:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2008/04/14 08:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/04/14 08:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2008/04/14 08:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2008/04/14 08:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2008/04/14 08:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2008/04/14 08:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2008/04/14 08:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2008/04/14 08:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2008/04/14 08:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2008/04/14 08:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2008/04/14 08:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2008/04/14 08:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2008/04/14 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2008/04/13 06:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 06:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/02/14 19:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2007/11/05 04:54:00 | 000,879,528 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007/11/05 04:53:58 | 000,539,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2007/08/27 00:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007/06/28 23:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2007/03/31 00:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2007/03/22 21:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2004/12/08 02:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Rkl305_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...mp;m=aspire_one IE - HKU\Rkl305_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: D:\Progs\LiberKey\Apps\Firefox\App\firefox\components FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: D:\Progs\LiberKey\Apps\Firefox\App\firefox\plugins O1 HOSTS File: ([2010/04/10 09:59:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\Rkl305_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Utilities\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKU\Rkl305_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Rkl305_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\Rkl305_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Rkl305_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Rkl305_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - 
C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:AutorunsDisabled () - 
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/03/12 21:44:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/04/06 16:42:39 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2006/03/24 09:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/04/13 18:08:14 | 000,000,000 | ---D | C] -- C:\_OTL [2010/04/11 13:06:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/04/11 12:49:53 | 000,000,000 | ---D | C] -- C:\ComboFix [2010/04/11 12:37:21 | 000,000,000 | ---D | C] -- C:\Avenger [2010/04/11 12:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Bureau\avenger [2010/04/11 07:10:00 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010/04/10 10:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Application Data\Mozilla [2010/04/10 05:02:03 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/04/10 05:00:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/04/10 05:00:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/04/10 05:00:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/04/10 05:00:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/04/10 05:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/04/10 04:56:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/04/09 18:58:11 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rkl305\Bureau\OTL.exe [2010/04/09 03:05:02 | 000,000,000 | RH-D | C] -- 
C:\Documents and Settings\Rkl305\Recent [2010/04/09 03:04:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010/04/08 13:57:51 | 000,000,000 | ---D | C] -- C:\Papa [2010/04/06 16:42:38 | 000,000,000 | R--D | C] -- C:\autorun.inf [2010/04/06 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\USB-set [2010/04/06 14:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Application Data\Malwarebytes [2010/04/06 14:20:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/06 14:20:22 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/06 13:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Borland Shared [2010/03/31 13:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\Temp [2010/03/31 12:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Tracing [2010/03/31 12:24:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2010/03/31 12:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2009/03/13 06:27:17 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010/04/13 18:11:19 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Rkl305\NTUSER.DAT [2010/04/13 11:02:47 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT [2010/04/13 11:02:47 | 000,245,760 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT [2010/04/13 11:02:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/04/13 11:02:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/04/13 11:02:37 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Rkl305\ntuser.ini [2010/04/13 11:02:05 | 000,001,050 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/04/13 11:01:58 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys [2010/04/11 17:09:55 | 004,833,148 | -H-- | M] () -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\IconCache.db [2010/04/11 17:02:05 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/04/11 13:46:04 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job [2010/04/11 13:02:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/04/11 12:49:02 | 003,911,676 | R--- | M] () -- C:\Documents and Settings\Rkl305\Bureau\ComboFix.exe [2010/04/11 12:41:51 | 001,099,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/04/11 12:41:51 | 000,502,688 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010/04/11 12:41:51 | 000,434,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/04/11 12:41:51 | 000,081,816 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010/04/11 12:41:51 | 000,068,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/04/11 12:27:56 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Rkl305\Bureau\avenger.zip [2010/04/11 10:11:56 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2010/04/11 08:57:14 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\Rkl305\Bureau\Synology Assistant.lnk [2010/04/10 09:59:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/04/10 05:02:10 | 000,000,286 | RHS- | M] () -- C:\boot.ini [2010/04/09 18:58:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rkl305\Bureau\OTL.exe [2010/04/09 03:00:42 | 000,060,672 | ---- | M] () -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/04/09 02:48:57 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/04/08 13:47:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/03/29 09:24:58 | 
000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/29 09:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2010/04/11 12:31:54 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Rkl305\Bureau\avenger.zip [2010/04/11 08:57:14 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\Rkl305\Bureau\Synology Assistant.lnk [2010/04/11 07:07:00 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys [2010/04/10 13:13:40 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Rkl305\Bureau\Rkl305.exe [2010/04/10 05:02:09 | 000,000,216 | ---- | C] () -- C:\Boot.bak [2010/04/10 05:02:06 | 000,263,488 | ---- | C] () -- C:\cmldr [2010/04/10 05:00:24 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/04/10 05:00:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/04/10 05:00:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/04/10 05:00:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/04/10 05:00:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/04/10 04:52:03 | 003,911,676 | R--- | C] () -- C:\Documents and Settings\Rkl305\Bureau\ComboFix.exe [2010/04/06 13:24:52 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET [2010/04/06 13:24:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\BDEADMIN.CPL [2010/03/31 12:21:28 | 000,001,054 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/03/31 12:21:28 | 000,001,050 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009/06/10 14:05:27 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/25 00:52:35 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll [2009/03/25 00:52:35 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys [2009/03/25 00:52:35 | 000,015,190 | ---- | C] 
() -- C:\WINDOWS\M3000Twn.ini [2009/03/25 00:52:30 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini [2009/03/12 23:32:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/03/12 22:36:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009/03/12 21:47:23 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009/03/12 21:41:20 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2007/11/01 11:53:34 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007/11/01 11:43:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2005/10/03 08:18:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\aa_sw2_gina.dll [2005/02/17 06:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005/02/17 06:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2009/12/13 12:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2009/03/12 23:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\Acer [2009/03/12 22:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\Acer GameZone Console [2010/01/14 12:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\PhotoFiltre [2009/03/12 23:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\Super-Cow [2009/12/11 12:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2010/04/11 13:46:04 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job ========== Purity Check ========== < End of report >
  11. This time it seems to be going better. The PC booted on the first try. Here is the RegFix result:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCIDump deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\Rkl305_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== FILES ==========
File C:\WINDOWS\system32\drivers\iaStor.sys successfully replaced with C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\iaStor.sys
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 393283 bytes
->Flash cache emptied: 519 bytes
User: Rkl305
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5570965 bytes
->Flash cache emptied: 635 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2606936 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
Total Files Cleaned = 8.00 mb
[EMPTYFLASH]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Rkl305
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTLPE by OldTimer - Version 3.1.37.1 log created on 04132010_180813
  12. I'm struggling. No way to reboot the PC from the USB key; I must have tried 20 times. I tried the key on my desktop and the crash comes even earlier... I tried booting the sick PC with other keys I have and that works without any problem (Katana, Ubuntu, ...). As a last resort, I'm building a new key on another, bigger USB stick. As soon as I manage it, I'll post again.
  13. Good evening. I have just followed your instructions for building the USB key to the letter. When I boot the sick PC from the USB key, everything seems to go fine. 1) I get the Starting Reatogo-X-PE loading bar at the bottom. 2) I get the XP loading screen. 3) Very briefly I see an image that I think also says Free REATOGO-X-PE. 4) Then comes the blue screen... SESSION5_INITIALIZATION_FAILED STOP: 0x00000071 (0x00000000 (4 times)) I got this message twice before, on the 3rd attempt, the PC finally agreed to start and show the desktop. Anyway, after that everything worked without a problem; here is the report:
OTL logfile created on: 4/13/2010 12:19:41 AM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1,014.00 Mb Total Physical Memory | 823.00 Mb Available Physical Memory | 81.00% Memory free
902.00 Mb Paging File | 829.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 130.08 Gb Free Space | 91.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 960.70 Mb Total Space | 650.22 Mb Free Space | 67.68% Space Free | Partition Type: FAT
Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2009/12/24 14:54:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Utilities\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/12/24 14:54:34 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Utilities\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/03/30 11:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/03/12 22:49:24 | 000,024,064 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-080708-050100) SRV - [2009/02/05 03:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2008/11/03 20:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/04/15 12:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2006/10/26 09:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand] -- -- (catchme) DRV - [2009/12/24 14:54:34 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/12/24 14:54:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- 
(ssmdrv) DRV - [2009/11/13 04:43:50 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2009/03/30 05:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/24 04:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/02/13 07:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Utilities\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/02/05 06:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2009/02/03 02:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009/01/02 13:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv) DRV - [2008/12/29 23:02:32 | 001,346,464 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008/04/15 12:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2008/04/14 08:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/04/14 08:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2008/04/14 08:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2008/04/14 08:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2008/04/14 08:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2008/04/14 08:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2008/04/14 08:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2008/04/14 08:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2008/04/14 08:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2008/04/14 08:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2008/04/14 08:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2008/04/14 08:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2008/04/14 08:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2008/04/14 08:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2008/04/13 06:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 06:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/02/14 19:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2007/11/05 04:54:00 | 000,879,528 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007/11/05 04:53:58 | 000,539,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2007/08/27 00:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007/06/28 23:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2007/03/31 00:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2007/03/22 21:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2004/12/08 02:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Rkl305_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...mp;m=aspire_one IE - HKU\Rkl305_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: D:\Progs\LiberKey\Apps\Firefox\App\firefox\components FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: D:\Progs\LiberKey\Apps\Firefox\App\firefox\plugins O1 HOSTS File: ([2010/04/10 09:59:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\Rkl305_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Utilities\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKU\Rkl305_ON_C..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Rkl305_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\Rkl305_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Rkl305_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Rkl305_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - 
C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:AutorunsDisabled () - 
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/03/12 21:44:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/04/06 16:42:39 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2006/03/24 09:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/03/12 21:43:43 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^Rkl305^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AzMixerSel - hkey= - key= - C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.) 
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found MsConfig - StartUpReg: LManager - hkey= - key= - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) MsConfig - StartUpReg: Persistence - hkey= - key= - File not found MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices 
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework ActiveX: 
{73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe 
OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) ========== Files/Folders - Created Within 30 Days ========== [2010/04/11 13:06:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/04/11 12:49:53 | 000,000,000 | ---D | C] -- C:\ComboFix [2010/04/11 12:37:21 | 000,000,000 | ---D | C] -- C:\Avenger [2010/04/11 12:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Bureau\avenger [2010/04/11 07:10:00 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010/04/10 10:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Application Data\Mozilla [2010/04/10 05:02:03 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/04/10 05:00:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/04/10 05:00:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/04/10 05:00:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/04/10 05:00:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/04/10 05:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/04/10 04:56:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/04/09 18:58:11 | 000,561,664 | ---- | C] 
(OldTimer Tools) -- C:\Documents and Settings\Rkl305\Bureau\OTL.exe [2010/04/09 03:05:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rkl305\Recent [2010/04/09 03:04:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010/04/08 13:57:51 | 000,000,000 | ---D | C] -- C:\Papa [2010/04/06 16:42:38 | 000,000,000 | R--D | C] -- C:\autorun.inf [2010/04/06 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\USB-set [2010/04/06 14:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Application Data\Malwarebytes [2010/04/06 14:20:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/06 14:20:22 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/06 13:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Borland Shared [2010/03/31 13:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\Temp [2010/03/31 12:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Tracing [2010/03/31 12:24:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google [2010/03/31 12:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2009/03/13 06:27:17 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010/04/13 00:14:45 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Rkl305\NTUSER.DAT [2010/04/12 13:12:01 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT [2010/04/12 13:12:01 | 000,245,760 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT [2010/04/12 13:12:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/04/12 13:11:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/04/12 13:11:56 | 000,000,184 | -HS- | M] () 
-- C:\Documents and Settings\Rkl305\ntuser.ini [2010/04/12 13:10:52 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/04/12 13:10:47 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys [2010/04/11 17:09:55 | 004,833,148 | -H-- | M] () -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\IconCache.db [2010/04/11 17:02:05 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/04/11 13:46:04 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job [2010/04/11 13:02:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/04/11 12:49:02 | 003,911,676 | R--- | M] () -- C:\Documents and Settings\Rkl305\Bureau\ComboFix.exe [2010/04/11 12:41:51 | 001,099,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/04/11 12:41:51 | 000,502,688 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010/04/11 12:41:51 | 000,434,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/04/11 12:41:51 | 000,081,816 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010/04/11 12:41:51 | 000,068,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/04/11 12:27:56 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Rkl305\Bureau\avenger.zip [2010/04/11 10:11:56 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2010/04/11 08:57:14 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\Rkl305\Bureau\Synology Assistant.lnk [2010/04/10 09:59:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/04/10 05:02:10 | 000,000,286 | RHS- | M] () -- C:\boot.ini [2010/04/09 18:58:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rkl305\Bureau\OTL.exe [2010/04/09 03:00:42 | 000,060,672 | ---- | M] () -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/04/09 02:48:57 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT 
[2010/04/08 13:47:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/03/29 09:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/03/29 09:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2010/04/11 12:31:54 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Rkl305\Bureau\avenger.zip [2010/04/11 08:57:14 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\Rkl305\Bureau\Synology Assistant.lnk [2010/04/11 07:07:00 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys [2010/04/10 13:13:40 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Rkl305\Bureau\Rkl305.exe [2010/04/10 05:02:09 | 000,000,216 | ---- | C] () -- C:\Boot.bak [2010/04/10 05:02:06 | 000,263,488 | ---- | C] () -- C:\cmldr [2010/04/10 05:00:24 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/04/10 05:00:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/04/10 05:00:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/04/10 05:00:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/04/10 05:00:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/04/10 04:52:03 | 003,911,676 | R--- | C] () -- C:\Documents and Settings\Rkl305\Bureau\ComboFix.exe [2010/04/06 13:24:52 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET [2010/04/06 13:24:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\BDEADMIN.CPL [2010/03/31 12:21:28 | 000,001,054 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/03/31 12:21:28 | 000,001,050 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009/06/10 14:05:27 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/25 00:52:35 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll [2009/03/25 00:52:35 | 000,145,408 | 
---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys [2009/03/25 00:52:35 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini [2009/03/25 00:52:30 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini [2009/03/12 23:32:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/03/12 22:36:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2009/03/12 21:47:23 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009/03/12 21:41:20 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2007/11/01 11:53:34 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007/11/01 11:43:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2005/10/03 08:18:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\aa_sw2_gina.dll [2005/02/17 06:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005/02/17 06:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2009/12/13 12:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2009/03/12 23:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\Acer [2009/03/12 22:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\Acer GameZone Console [2010/01/14 12:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\PhotoFiltre [2009/03/12 23:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\Super-Cow [2009/12/11 12:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2010/04/11 13:46:04 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job ========== 
Purity Check ========== ========== Custom Scans ========== Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*. Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*. Invalid Environment Variable: %APPDATA%\*.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys [2008/04/13 06:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS [2008/04/13 06:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys [2008/04/13 06:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS < MD5 for: ATAPI.SYS > [2008/04/14 08:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys [2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft 
Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2008/04/15 05:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\ACER\Preload\Autorun\DRV\Intel IMSM 945GSE\f6flpy64\IaStor.sys [2008/04/15 12:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008/04/15 05:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\ACER\Preload\Autorun\DRV\Intel IMSM 945GSE\f6flpy32\IaStor.sys [2008/04/15 12:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008/04/15 05:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\OemDir\iaStor.sys [2008/04/15 12:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\drivers\iaStor.sys [2008/04/15 12:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\DRVSTORE\iaAHCI_E7EB69FF3449D216602D0D37A1D73969621673A9\iaStor.sys [2008/04/15 05:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\iaStor.sys < MD5 for: NETLOGON.DLL > [2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 08:00:00 | 000,187,392 | ---- | 
M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/14 08:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008/04/14 08:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008/06/20 13:47:22 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2010/02/25 05:47:32 | 011,070,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2010/02/25 02:17:32 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/14 08:00:00 | 000,281,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/14 08:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2008/06/17 15:02:15 | 008,517,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009/03/12 22:37:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2009/03/12 22:37:21 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2009/03/12 22:37:20 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < CREATERESTOREPOINT > < End of report >
  14. I just tested something else: I renamed the BOOT.INI file on the USB key to BOOT.INI2, then copied the no_emul.00 file onto the key and renamed it BOOT.INI. Back to the sick PC and booted from the key. Same message about the missing hal.dll file. A search for hal on the key shows that the file is present several times on the key, notably here: H:\$WIN_NT$.~LS\I386\SYSTEM32 I also tried putting the i386 folder at the root of the key, but I still get the same message about the missing hal.dll file. Awaiting your instructions. Thanks
  15. I still have problems... I did not quite understand your point 5. The structure of the USB key is very different from that of the ISO. I have:
    Merged the i386 folders
    Copied the 5 files from the root of the ISO to the root of the key
    Copied the PROGRAMS and SFX folders from the ISO to the root of the key (no equivalent folder on the key)
    Did nothing with the boot.images folder of the ISO
    Copied the instruction file for OTL (OTLtest.txt) onto the key
    When booting the sick PC I get 2 options:
    2. GUI Mode Setup Windows XP, continue Setup + Start XP
    1. TXT Mode Setup Windows XP, Never unplug USN-Drive untill after logon
    I started with 2 (GUI) but it is missing a file: <Racine Windows>\system32\hal.dll
    TXT mode starts the Windows installation and then causes a blue screen: STOP : 0x0000007B (0xF7A88524, 0xC0000034, 0x00000000, 0x00000000)
    What should I do?
  16. Good evening. There is a major problem: my daughter's PC is an ultra-light. It has no CD drive, so I cannot boot it from a CD. On the other hand, it can boot from a USB key. But the ISOs have to be adapted so that they can boot from a USB key. I know unetbootin, but I just looked and OTLPE does not seem to be supported. Any idea? Thanks for all these efforts.
  17. Voici le rapport Combofix : ComboFix 10-04-10.02 - Rkl305 11/04/2010 18:52:21.3.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.717 [GMT 2:00] Lancé depuis: c:\documents and settings\Rkl305\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-11 au 2010-04-11 )))))))))))))))))))))))))))))))))))) . 2010-04-11 11:10 . 2010-02-12 10:03 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-04-08 17:57 . 2010-04-08 22:36 -------- d-----w- C:\Papa 2010-04-06 20:39 . 2010-04-10 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\usb-set 2010-04-06 20:39 . 2010-04-06 20:39 -------- d-----w- c:\program files\USB-set 2010-04-06 18:21 . 2010-04-06 18:21 -------- d-----w- c:\documents and settings\Rkl305\Application Data\Malwarebytes 2010-04-06 18:20 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-06 18:20 . 2010-04-06 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-06 18:20 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-06 17:24 . 1999-01-20 03:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL 2010-04-06 17:24 . 2010-04-06 17:24 -------- d-----w- c:\program files\Fichiers communs\Borland Shared 2010-03-31 17:26 . 2010-03-31 17:28 -------- d-----w- c:\documents and settings\Rkl305\Local Settings\Application Data\Temp 2010-03-31 16:30 . 2010-04-11 16:38 -------- d-----w- c:\documents and settings\Rkl305\Tracing 2010-03-31 16:24 . 2010-03-31 16:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2010-03-31 16:21 . 2010-03-31 16:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google . 
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-11 16:41 . 2009-03-13 10:27 81816 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-11 16:41 . 2009-03-13 10:27 502688 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-11 12:57 . 2009-12-24 18:45 -------- d-----w- c:\program files\Utilities 2010-04-09 07:00 . 2009-06-09 03:24 60672 ----a-w- c:\documents and settings\Rkl305\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-09 06:03 . 2009-12-25 11:09 -------- d-----w- c:\program files\Microsoft Silverlight 2010-04-08 21:31 . 2009-03-13 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-31 16:21 . 2009-03-13 02:49 -------- d-----w- c:\program files\Google 2010-02-25 06:17 . 2009-03-13 10:27 916480 ------w- c:\windows\system32\wininet.dll 2010-02-11 18:56 . 2010-02-11 18:56 -------- d-----w- c:\program files\Alfa & Ariss . ((((((((((((((((((((((((((((( SnapShot@2010-04-10_09.16.19 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-13 10:26 . 2010-04-11 16:41 68318 c:\windows\system32\perfc009.dat - 2009-03-13 10:26 . 2010-04-10 08:51 68318 c:\windows\system32\perfc009.dat + 2009-03-13 10:26 . 2010-04-11 16:41 434032 c:\windows\system32\perfh009.dat - 2009-03-13 10:26 . 2010-04-10 08:51 434032 c:\windows\system32\perfh009.dat + 2009-03-13 10:30 . 2008-04-15 16:53 312344 c:\windows\system32\drivers\iaStor.sys - 2009-03-13 10:30 . 2010-04-03 15:09 312344 c:\windows\system32\drivers\iaStor.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824] "avgnt"="c:\program files\Utilities\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-13 565248] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Rkl305^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk] backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-09-04 11:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] 2006-01-25 10:45 53248 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2009-03-13 02:49 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2008-04-15 16:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2008-12-30 07:09 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-02-24 07:40 17529856 ----a-w- c:\windows\RTHDCPL.EXE [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Utilities\\Assistant\\DSAssistant.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Utilities\Avira\AntiVir Desktop\sched.exe [24/12/2009 20:48 108289] R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [13/03/2009 05:16 237568] R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/03/2009 05:03 49664] R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [25/03/2009 06:52 145408] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/03/2010 18:21 135664] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/03/2009 04:37 1684736] S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/03/2009 04:49 24064] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [13/03/2009 04:35 162816] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contenu du dossier 'Tâches planifiées' 2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 16:21] 2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 16:21] 2010-04-11 c:\windows\Tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=0609&m=aspire_one uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=0609&m=aspire_one IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html . . ------- Associations de fichier ------- . txtfile\shell\ab_notepad\command="d:\prog\LiberKeyAmanda\Apps\Notepad++\Notepad++LKL.exe" "%1" inifile\shell\ab_notepadpp_open\command="d:\prog\LiberKeyAmanda\Apps\Notepad++\Notepad++LKL.exe" "%1" . ************************************************************************** Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(2808) c:\windows\system32\btmmhook.dll c:\windows\system32\webcheck.dll c:\windows\system32\eappprxy.dll . 
    Unfortunately the folders are still being created. Thanks for your time.
  18. The Avenger report:

    Logfile of The Avenger Version 2.0, © by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File move operation "c:\IaStor.sys|C:\Windows\System32\drivers\iaStor.sys" completed successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
  19. In an earlier message you asked me for a HijackThis report. Here is one created with ZHPDiag: http://www.cijoint.fr/cjlink.php?file=cj20.../cijWkxBHI6.txt
  20. Dersou1

    "ANTIVIR" icon missing

    Hello Loup blanc, I have the same problem as the one described by ticlou. I tried your file, unfortunately without success => Key already present. Thanks anyway
  21. Well, it was a struggle, but I think I got there... To run Gmer and be able to save the result, I had to go through safe mode. Gmer result:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-11 13:01:29
    Windows 5.1.2600 Service Pack 3
    Running: Rkl305.exe; Driver: C:\DOCUME~1\Rkl305\LOCALS~1\Temp\kgrcyaog.sys

    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\drivers\iaStor.sys entry point in ".rsrc" section [0xF75A1024]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 006D000A
    .text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 006E000A
    .text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 006C000C
    .text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00B7000A
    .text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00C1000A
    .text C:\WINDOWS\Explorer.EXE[812] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00B6000C

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device -> \Driver\iaStor \Device\Harddisk0\DR0 86332618

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----

    Otherwise, I managed to see what hangs while Gmer is running: Winlogon.exe takes 50% of the CPU and lsass.exe takes the rest... The touchpad has not worked since yesterday. Update KB977165 fails to install. I don't know whether this helps you understand what is happening on this machine... Thanks for your help.
  22. gmer crashes the PC... I get a nice blue screen
  23. OTL report with the requested copy-and-paste:
[2008/04/15 11:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\iaStor.sys < MD5 for: NDIS.SYS > [2008/04/14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008/04/14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008/04/14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys < MD5 for: NETLOGON.DLL > [2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008/04/14 14:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USERINIT.EXE > [2008/04/14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008/04/14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\dllcache\userinit.exe [2008/04/14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC 
-- C:\WINDOWS\system32\userinit.exe < %systemroot%\*. /mp /s > < End of report >
  24. 2) MBAM report:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Version de la base de données: 3974
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/04/2010 17:27:21
mbam-log-2010-04-10 (17-27-21).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 164769
Temps écoulé: 1 heure(s), 7 minute(s), 51 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
= = = =
Folders are still being created. During the MBAM scan, Avira found a new virus. I put it in quarantine, but given the scan results, I wonder whether it is actually a false positive? http://virusscan.jotti.org/fr/scanresult/0...0b144f5b2015396 Thanks for your help.
Message edited: I have just checked the jotti.org report and, oddly, it does not match the scan I have on my screen. Avira and VBA32 returned a positive result.
Antivir: 2010-04-09 TR/Crypt.XPACK.Gen
VBA32: 2010-04-08 Crafted.Win32File.OLS
Why this discrepancy????
= = = = = = =
  25. Good: 1) ComboFix result:
ComboFix 10-04-09.06 - Rkl305 10/04/2010 15:48:34.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.576 [GMT 2:00]
Lancé depuis: c:\documents and settings\Rkl305\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Rkl305\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\windows\system32\DRIVERS\Rts516xIR.sys"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GETPLUSHELPER
-------\Service_getPlusHelper
-------\Service_Rts516xIR
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-10 au 2010-04-10 ))))))))))))))))))))))))))))))))))))
.
2010-04-08 17:57 . 2010-04-08 22:36 -------- d-----w- C:\Papa
2010-04-06 20:39 . 2010-04-10 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\usb-set
2010-04-06 20:39 . 2010-04-06 20:39 -------- d-----w- c:\program files\USB-set
2010-04-06 18:21 . 2010-04-06 18:21 -------- d-----w- c:\documents and settings\Rkl305\Application Data\Malwarebytes
2010-04-06 18:20 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 18:20 . 2010-04-06 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-06 18:20 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 17:24 . 1999-01-20 03:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL
2010-04-06 17:24 . 2010-04-06 17:24 -------- d-----w- c:\program files\Fichiers communs\Borland Shared
2010-03-31 17:26 . 2010-03-31 17:28 -------- d-----w- c:\documents and settings\Rkl305\Local Settings\Application Data\Temp
2010-03-31 16:30 . 
2010-04-10 14:00 -------- d-----w- c:\documents and settings\Rkl305\Tracing 2010-03-31 16:24 . 2010-03-31 16:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2010-03-31 16:21 . 2010-03-31 16:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-10 13:44 . 2009-03-13 10:27 81816 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-10 13:44 . 2009-03-13 10:27 502688 ----a-w- c:\windows\system32\perfh00C.dat 2010-04-09 07:00 . 2009-06-09 03:24 60672 ----a-w- c:\documents and settings\Rkl305\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-09 06:03 . 2009-12-25 11:09 -------- d-----w- c:\program files\Microsoft Silverlight 2010-04-08 21:31 . 2009-03-13 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-04-06 18:20 . 2009-12-24 18:45 -------- d-----w- c:\program files\Utilities 2010-04-03 15:09 . 2009-03-13 10:30 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys 2010-03-31 16:21 . 2009-03-13 02:49 -------- d-----w- c:\program files\Google 2010-02-25 06:17 . 2009-03-13 10:27 916480 ------w- c:\windows\system32\wininet.dll 2010-02-11 18:56 . 2010-02-11 18:56 -------- d-----w- c:\program files\Alfa & Ariss . ((((((((((((((((((((((((((((( SnapShot@2010-04-10_09.16.19 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-13 10:26 . 2010-04-10 13:44 68318 c:\windows\system32\perfc009.dat - 2009-03-13 10:26 . 2010-04-10 08:51 68318 c:\windows\system32\perfc009.dat + 2009-03-13 10:26 . 2010-04-10 13:44 434032 c:\windows\system32\perfh009.dat - 2009-03-13 10:26 . 2010-04-10 08:51 434032 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824] "avgnt"="c:\program files\Utilities\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-13 565248] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Rkl305^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk] backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-09-04 11:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] 2006-01-25 10:45 53248 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2009-03-13 02:49 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2008-04-15 16:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] 2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2008-12-30 07:09 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-02-24 07:40 17529856 ----a-w- c:\windows\RTHDCPL.EXE [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Utilities\Avira\AntiVir Desktop\sched.exe [24/12/2009 20:48 108289] R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [13/03/2009 05:16 237568] R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/03/2009 05:03 49664] R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [25/03/2009 06:52 145408] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/03/2010 18:21 135664] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/03/2009 04:37 1684736] S3 GoogleDesktopManager-080708-050100;Google Desktop 
Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/03/2009 04:49 24064] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [13/03/2009 04:35 162816] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contenu du dossier 'Tâches planifiées' 2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 16:21] 2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 16:21] 2010-04-10 c:\windows\Tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=0609&m=aspire_one uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=0609&m=aspire_one IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html . . ------- Associations de fichier ------- . txtfile\shell\ab_notepad\command="d:\prog\LiberKeyAmanda\Apps\Notepad++\Notepad++LKL.exe" "%1" inifile\shell\ab_notepadpp_open\command="d:\prog\LiberKeyAmanda\Apps\Notepad++\Notepad++LKL.exe" "%1" . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-10 16:00 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... 
Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86345618]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf7681f28 \Driver\ACPI -> ACPI.sys @ 0xf75f3cb8 \Driver\atapi -> atapi.sys @ 0xf75ab852 \Driver\iaStor -> iaStor.sys @ 0xf751278c IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Atheros AR8132 PCI-E Fast Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf73e9bb0 PacketIndicateHandler -> NDIS.sys @ 0xf73d8a0d SendHandler -> NDIS.sys @ 0xf73ecb40 user & kernel MBR OK ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(556) c:\windows\system32\btmmhook.dll c:\windows\system32\webcheck.dll c:\windows\system32\eappprxy.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Utilities\Avira\AntiVir Desktop\avguard.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe . ************************************************************************** . 
Heure de fin: 2010-04-10 16:05:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-10 14:05
ComboFix2.txt 2010-04-10 09:21
Avant-CF: 139 858 219 008 octets libres
Après-CF: 139 824 926 720 octets libres
- - End Of File - - 041D4E5FC0B85DDD0DA39F607702F777
The MBAM scan is running; I will post it as soon as it is available. However, the xxxx.tmp folders are still being created...