Recommended posts

Posted (edited)

Good evening,

My daughter left me her PC and her iPod with the instructions: "Vaccinate us".

I ran a full scan with Antivir; it found a few infected items and I had them deleted.

Installed Malwarebytes' Anti-Malware + full scan; everything it found was deleted.

Installed ZebHelpProcess, ran Diag, deleted what was found.

Once that was done, ZebHelpProcess tells me my system is clean, Avira finds nothing more and neither does Malwarebytes.

Unfortunately, Avira informs me from time to time that it has found a virus.

It hides in c:\windows\temp\xxxx.tmp

When I look at the windows\temp folder, I see that it contains folders all named xxxx.tmp (xxxx = 4 letters chosen at random).

About ten folders get created roughly every 15 minutes.

All these folders are empty, except when Avira finds the famous virus called svchost.exe, which contains a Trojan according to Avira.

[Screenshot: 2010-04-08_Pblm-svchost.jpg]

What can I do?

Thanks for your help

Edited by Dersou1
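What a responder can do with the pattern described in the post above (random four-character `.tmp` directories under Windows\Temp, one of which occasionally holds a dropped `svchost.exe`) is sweep the directory and record the evidence before the antivirus deletes it again. The following Python script is an added example, not part of the original thread or of any of the tools named in it: it lists the directories matching that naming shape, hashes any `svchost.exe` found inside them (a genuine `svchost.exe` lives in `%SystemRoot%\System32`, never in Temp) and compares the hash with the legitimate copy. The directory layout and the file contents used by `build_fixture()` are constructed placeholders so the script runs offline; on a real machine pass `Path(r"C:\Windows\Temp")` and `Path(r"C:\Windows\System32")` to `sweep_temp()` instead.

```python
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Directory-name shape described in the post: four random characters plus ".tmp".
RANDOM_TMP_DIR = re.compile(r"^[A-Za-z0-9]{4}\.tmp$")

# Placeholder contents for the constructed fixture (not real binaries).
FIXTURE_DROPPED_BYTES = b"MZ placeholder for the dropped svchost.exe"
FIXTURE_LEGIT_BYTES = b"MZ placeholder for the System32 svchost.exe"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep_temp(temp_dir: Path, system32: Optional[Path] = None) -> dict:
    """Find xxxx.tmp directories under temp_dir and any svchost.exe dropped in them.

    Each hit is recorded with its size and SHA-256 so it can still be looked up on
    a multi-engine scanner after the antivirus has removed the file, and compared
    with the hash of the legitimate copy in System32 (if that path is given).
    """
    legit_hash = None
    if system32 is not None and (system32 / "svchost.exe").is_file():
        legit_hash = sha256_file(system32 / "svchost.exe")

    report = {"tmp_dirs": [], "dropped": []}
    for entry in temp_dir.iterdir():
        if not (entry.is_dir() and RANDOM_TMP_DIR.match(entry.name)):
            continue
        report["tmp_dirs"].append(entry.name)
        for candidate in entry.rglob("*"):
            if candidate.is_file() and candidate.name.lower() == "svchost.exe":
                digest = sha256_file(candidate)
                report["dropped"].append({
                    "path": str(candidate),
                    "size": candidate.stat().st_size,
                    "sha256": digest,
                    "matches_system32": digest == legit_hash,
                })
    report["tmp_dirs"].sort()
    return report


def build_fixture(root: Path) -> Tuple[Path, Path]:
    """Constructed layout mimicking the post (no real malware): a few empty
    xxxx.tmp directories, one holding a placeholder svchost.exe, and a fake
    System32 with a different placeholder so the comparison has a reference."""
    temp = root / "Temp"
    system32 = root / "System32"
    for name in ("ab1c.tmp", "Qz9x.tmp", "k7Lm.tmp", "notatmp", "x.tmp"):
        (temp / name).mkdir(parents=True)
    (temp / "k7Lm.tmp" / "svchost.exe").write_bytes(FIXTURE_DROPPED_BYTES)
    (temp / "report.log").write_text("top-level file, ignored by the sweep")
    system32.mkdir()
    (system32 / "svchost.exe").write_bytes(FIXTURE_LEGIT_BYTES)
    return temp, system32


def demo() -> dict:
    """Run the sweep over the constructed fixture in a throw-away directory."""
    with tempfile.TemporaryDirectory() as td:
        temp, system32 = build_fixture(Path(td))
        return sweep_temp(temp, system32)


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Hashing the sample before quarantining it is what makes the later multi-engine lookup possible even when the file "self-destructs" or the antivirus deletes it first; the comparison with System32 rules out the one benign explanation (a copy of the real service host) in a single line of output.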

Posted

Good evening Dersou1,

*** Welcome to the Zebulon security forum! ***

==> The symptoms you describe make me think of a very aggressive virus that requires a complete reinstallation of the system, but I would like to check...

1) Go to this site

  • Click on "Parcourir" (Browse), as shown in the picture [image: jotti.GIF]
  • Find one of these files.
  • Click on "Submit"
  • Copy-paste the report into your next reply...

*** If the site is overloaded, you can do the same operation here ("Send" instead of "Submit")

2) Download OTL by OldTimer: http://oldtimer.geekstogo.com/OTL.exe

  • Save the file to your desktop.
  • Right-click OTL.exe and choose "Run" ("Run as administrator" if you are on Vista/7) to launch it (the extension may not be displayed).
  • Tick the All users box as shown in the picture.
    [image: otl1.JPG]
  • Do the same with LOP Check and Purity Check.
    [image: otl2.JPG]
  • Then click Scan and wait while it scans the registry and the files.
  • A text file then opens (named "OTL.txt"); that is the report, which you copy-paste into your next reply.

Note: If the report (which is saved on the desktop) is too long, you can split it across several messages

Looking forward to hearing from you,

:P

Posted

Good evening WawaSeb, and thank you for taking an interest in my problem.

I had some difficulty analysing the file detected by Avira, because they seem to self-destruct... even when the choice is "deny access".

But in the end I waited, and when a file was detected I quickly requested quarantine.

Then I copied it to the desktop, adding a 2 to the extension.

1) Here is the permanent link to see the scan result: http://virusscan.jotti.org/fr/scanresult/2...4893a7c987d3ff9

2) Here is the OTL result in 2 files:

a) OTL.txt

OTL logfile created on: 10/04/2010 00:59:16 - Run 1

OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Rkl305\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

1 014,00 Mb Total Physical Memory | 560,00 Mb Available Physical Memory | 55,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142,05 Gb Total Space | 130,04 Gb Free Space | 91,55% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ACER-454F29D87C

Current User Name: Rkl305

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010/04/10 00:58:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rkl305\Bureau\OTL.exe

PRC - [2009/12/24 20:54:34 | 000,470,785 | ---- | M] (Avira GmbH) -- c:\Program Files\Utilities\Avira\AntiVir Desktop\avcenter.exe

PRC - [2009/12/24 20:54:34 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Utilities\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/12/24 20:54:34 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Utilities\Avira\AntiVir Desktop\sched.exe

PRC - [2009/06/09 05:25:40 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE

PRC - [2009/03/30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE

PRC - [2009/03/02 14:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Utilities\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009/02/20 13:24:42 | 000,271,617 | ---- | M] (Avira GmbH) -- c:\Program Files\Utilities\Avira\AntiVir Desktop\avconfig.exe

PRC - [2009/02/11 16:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe

PRC - [2009/02/05 09:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe

PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/11/01 17:55:30 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/04/10 00:58:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rkl305\Bureau\OTL.exe

MOD - [2007/11/01 17:53:22 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll

MOD - [2007/11/01 17:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2009/12/24 20:54:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Utilities\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/12/24 20:54:34 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Utilities\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/12/01 20:41:40 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009/03/13 04:49:24 | 000,024,064 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-080708-050100)

SRV - [2009/02/05 09:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)

SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/04/03 17:09:10 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)

DRV - [2009/12/24 20:54:34 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/12/24 20:54:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/11/13 10:43:50 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)

DRV - [2009/03/30 11:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/24 10:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/02/13 13:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Utilities\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/02/05 12:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2009/02/03 08:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009/01/02 19:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)

DRV - [2008/12/30 05:02:32 | 001,346,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)

DRV - [2008/08/05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008/04/14 14:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 14:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2008/04/14 14:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2008/04/14 14:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2008/04/14 14:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2008/04/14 14:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2008/04/14 14:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2008/04/14 14:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2008/04/14 14:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2008/04/14 14:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2008/04/14 14:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2008/04/14 14:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2008/04/14 14:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2008/04/14 14:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [2008/04/14 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2008/04/13 12:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 12:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/02/15 01:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2007/11/05 10:54:00 | 000,879,528 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2007/11/05 10:53:58 | 000,539,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2007/08/27 06:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2007/06/29 05:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2007/03/31 06:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2007/03/23 03:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2006/11/02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

DRV - [2006/01/04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2004/12/08 08:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://scanonlineonline.info/antivirus//?a...d=20435&ref

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://scanonlineonline.info/antivirus//?a...d=20435&ref

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1417066420-598665437-137508776-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...mp;m=aspire_one

IE - HKU\S-1-5-21-1417066420-598665437-137508776-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...mp;m=aspire_one

IE - HKU\S-1-5-21-1417066420-598665437-137508776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: D:\Progs\LiberKey\Apps\Firefox\App\firefox\components

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: D:\Progs\LiberKey\Apps\Firefox\App\firefox\plugins

 

 

O1 HOSTS File: ([2008/04/14 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-1417066420-598665437-137508776-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Utilities\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [uSB-Set] File not found

O4 - HKU\S-1-5-21-1417066420-598665437-137508776-1005..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)

O4 - HKU\S-1-5-21-1417066420-598665437-137508776-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1417066420-598665437-137508776-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-1417066420-598665437-137508776-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/13 03:44:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/04/06 22:42:39 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-1417066420-598665437-137508776-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/04/10 00:58:11 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rkl305\Bureau\OTL.exe

[2010/04/09 09:05:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rkl305\Recent

[2010/04/09 09:04:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/04/08 19:57:51 | 000,000,000 | ---D | C] -- C:\Papa

[2010/04/06 22:42:38 | 000,000,000 | RHSD | C] -- C:\autorun.inf

[2010/04/06 22:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\USB-set

[2010/04/06 22:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\usb-set

[2010/04/06 20:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Application Data\Malwarebytes

[2010/04/06 20:20:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/06 20:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/04/06 20:20:22 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/06 19:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Borland Shared

[2010/03/31 19:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\Temp

[2010/03/31 18:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Tracing

[2010/03/31 18:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2010/03/31 18:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2010/02/21 21:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/02/21 20:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2009/12/25 13:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/12/13 18:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2009/03/13 12:27:17 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

[2009/03/13 03:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/03/13 03:44:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/03/13 03:44:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

 

========== Files - Modified Within 30 Days ==========

 

[2010/04/10 01:03:18 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job

[2010/04/10 00:58:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rkl305\Bureau\OTL.exe

[2010/04/10 00:50:26 | 001,099,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/04/10 00:50:26 | 000,502,688 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2010/04/10 00:50:26 | 000,434,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/04/10 00:50:26 | 000,081,816 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2010/04/10 00:50:26 | 000,068,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/04/10 00:46:11 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/04/10 00:46:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/04/10 00:46:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/04/10 00:46:04 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys

[2010/04/09 09:39:26 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Rkl305\NTUSER.DAT

[2010/04/09 09:39:26 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Rkl305\ntuser.ini

[2010/04/09 09:31:01 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/04/09 09:00:42 | 000,060,672 | ---- | M] () -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/04/09 08:48:57 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/04/08 23:19:34 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

[2010/04/08 19:47:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/04/06 22:39:44 | 000,000,620 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\USB-set.lnk

[2010/04/06 20:20:31 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2010/04/03 17:09:10 | 000,312,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys

[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

 

========== Files Created - No Company Name ==========

 

[2010/04/06 22:39:44 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\USB-set.lnk

[2010/04/06 20:20:31 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2010/04/06 19:24:52 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET

[2010/04/06 19:24:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\BDEADMIN.CPL

[2010/03/31 18:21:28 | 000,001,054 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/03/31 18:21:28 | 000,001,050 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/03/03 22:30:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Rkl305\Video .lnk

[2010/03/03 22:30:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Rkl305\Pictures .lnk

[2010/03/03 22:30:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Rkl305\Passwords .lnk

[2010/03/03 22:30:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Rkl305\New Folder .lnk

[2010/03/03 22:30:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Rkl305\Music .lnk

[2010/03/03 22:30:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Rkl305\Documents .lnk

[2010/03/03 22:30:15 | 000,000,144 | RHS- | C] () -- C:\Documents and Settings\Rkl305\autorun.inf

[2009/06/10 20:05:27 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/06/09 05:24:57 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\Rkl305\NTUSER.DAT

[2009/06/09 05:24:57 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Rkl305\ntuser.dat.LOG

[2009/06/09 05:24:57 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Rkl305\ntuser.ini

[2009/06/09 05:24:46 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT

[2009/06/09 05:24:46 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG

[2009/03/25 06:52:35 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll

[2009/03/25 06:52:35 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys

[2009/03/25 06:52:35 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini

[2009/03/25 06:52:30 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini

[2009/03/13 05:32:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/03/13 04:36:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/03/13 03:47:23 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/03/13 03:41:20 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2007/11/01 17:53:34 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2007/11/01 17:43:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2005/10/03 14:18:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\aa_sw2_gina.dll

[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

 

========== LOP Check ==========

 

[2009/03/13 04:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer GameZone Console

[2009/03/13 05:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi

[2010/04/10 00:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\usb-set

[2009/03/13 05:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Acer

[2009/03/13 04:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Acer GameZone Console

[2009/03/13 05:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Super-Cow

[2009/12/13 18:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2009/03/13 05:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\Acer

[2009/03/13 04:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\Acer GameZone Console

[2010/01/14 18:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\PhotoFiltre

[2009/03/13 05:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\Super-Cow

[2009/12/11 18:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2010/04/10 01:03:18 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job

 

========== Purity Check ==========

 

 

< End of report >

Posted

b) Extras.Txt

OTL Extras logfile created on: 10/04/2010 00:59:16 - Run 1

OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Rkl305\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

1 014,00 Mb Total Physical Memory | 560,00 Mb Available Physical Memory | 55,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142,05 Gb Total Space | 130,04 Gb Free Space | 91,55% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ACER-454F29D87C

Current User Name: Rkl305

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_USERS\S-1-5-21-1417066420-598665437-137508776-1005\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = htmlfile] -- Reg Error: Key error. File not found

.ini [@ = inifile] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

.txt [@ = txtfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01523985-2098-43AF-9C97-12B07BE02A9B}" = Windows Live Call

"{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works

"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM

"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger

"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA

"{10A44844-4465-456E-8C97-80BDD4F68845}" = Assistant de connexion Windows Live ID

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{2231CE39-B963-4B9D-823A-F412ECA637B1}" = Windows Live Writer

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.1.221_Foxconn Installation Program

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3CCB732A-E472-4CF9-B1EE-F18365341FE0}" = Installation Windows Live

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{43563ACB-371B-4C58-8979-B192B390424C}" = Galerie de photos Windows Live

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam

"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail

"{67D0313C-4F15-437D-9A2D-C1564088A26A}" = Windows Live Sync

"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA

"{755C5628-7C85-C99A-4035-1B89D6D43BD8}" = TweetDeck

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115329757}" = Jewelleria

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007

"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96AE7E41-E34E-47D0-AC07-1091A8127911}%

 

Posted

The end of the report is missing:

 

 

b) Extras.Txt

OTL Extras logfile created on: 10/04/2010 00:59:16 - Run 1

OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Rkl305\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

1 014,00 Mb Total Physical Memory | 560,00 Mb Available Physical Memory | 55,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 142,05 Gb Total Space | 130,04 Gb Free Space | 91,55% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ACER-454F29D87C

Current User Name: Rkl305

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_USERS\S-1-5-21-1417066420-598665437-137508776-1005\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = htmlfile] -- Reg Error: Key error. File not found

.ini [@ = inifile] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

.txt [@ = txtfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01523985-2098-43AF-9C97-12B07BE02A9B}" = Windows Live Call

"{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works

"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM

"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger

"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA

"{10A44844-4465-456E-8C97-80BDD4F68845}" = Assistant de connexion Windows Live ID

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{2231CE39-B963-4B9D-823A-F412ECA637B1}" = Windows Live Writer

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.1.221_Foxconn Installation Program

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3CCB732A-E472-4CF9-B1EE-F18365341FE0}" = Installation Windows Live

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{43563ACB-371B-4C58-8979-B192B390424C}" = Galerie de photos Windows Live

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam

"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail

"{67D0313C-4F15-437D-9A2D-C1564088A26A}" = Windows Live Sync

"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA

"{755C5628-7C85-C99A-4035-1B89D6D43BD8}" = TweetDeck

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115329757}" = Jewelleria

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007

"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D2B0720-4787-437E-A949-97D01BF64BAE}_is1" = C:\Program Files\Acer GameZone\GameConsole

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1036-7B44-A92000000001}" = Adobe Reader 9.2 - Français

"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4

"{B92B952E-4459-480F-A500-60D87F6F527F}_is1" = USB-set 1.4

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform

"Acer Screensaver" = Acer ScreenSaver

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ALUpdate_is1" = ALTools Update

"ALZip_is1" = ALZip

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Google Desktop" = Google Desktop

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"SecureW2 Client" = SecureW2 Client 3.1.2

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"WinLiveSuite_Wave3" = Installation Windows Live

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"Zeb Help Process_is1" = ZebHelpProcess 2.34

Posted

Good evening Dersou1,

*** The .TMP files do not appear in these reports... *** :P

... which means the infection is probably using rootkit techniques to stay unnoticed!

Furthermore, the online scan detects poorly what could be an advanced re-/over-infection method...

It reminds me of the latest nasty thing I had the good fortune to pick up on a test PC.

# Download ComboFix by sUBs

  • Save it to your desktop, without fail.
  • Read the following tutorial: http://www.bleepingcomputer.com/combofix/f...iliser-combofix
  • Disconnect from the internet and disable your antivirus for the duration of the procedure.
  • Close all windows.
  • Double-click combofix.exe
  • Click "Yes" to accept the disclaimer!
    --> If your firewall asks to allow nircmd.cfexe, accept.
    --> If ComboFix asks to install the Recovery Console, accept (YES, then OUI); this is VERY IMPORTANT!
  • Launch the scan (do not click on the window that opens).
  • At the end of the scan (it may take a while), a report will be created.
  • Post this report in your next message(s) (C:\Combofix.txt)

Important warning: this tool is not a general-purpose antimalware! It should only be used by qualified people...

Good night to you,

Posted

Hello WawaSab.

The .tmp folders are empty.

When Avira detects something, you have to be quick to capture it; otherwise they self-destruct...

Here is the ComboFix report.

 

ComboFix 10-04-09.06 - Rkl305 10/04/2010 11:03:47.1.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.673 [GMT 2:00]

Lancé depuis: c:\documents and settings\Rkl305\Bureau\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users.\documents\settings

c:\documents and settings\Rkl305\autorun.inf

c:\documents and settings\Rkl305\Documents .lnk

c:\documents and settings\Rkl305\Music .lnk

c:\documents and settings\Rkl305\New Folder .lnk

c:\documents and settings\Rkl305\Passwords .lnk

c:\documents and settings\Rkl305\Pictures .lnk

c:\documents and settings\Rkl305\Video .lnk

c:\windows\system32\gsntcji.dll

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_kclegkgs

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-10 au 2010-04-10 ))))))))))))))))))))))))))))))))))))

.

 

2010-04-08 17:57 . 2010-04-08 22:36 -------- d-----w- C:\Papa

2010-04-06 20:39 . 2010-04-10 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\usb-set

2010-04-06 20:39 . 2010-04-06 20:39 -------- d-----w- c:\program files\USB-set

2010-04-06 18:21 . 2010-04-06 18:21 -------- d-----w- c:\documents and settings\Rkl305\Application Data\Malwarebytes

2010-04-06 18:20 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-06 18:20 . 2010-04-06 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-04-06 18:20 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-06 17:24 . 1999-01-20 03:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL

2010-04-06 17:24 . 2010-04-06 17:24 -------- d-----w- c:\program files\Fichiers communs\Borland Shared

2010-03-31 17:26 . 2010-03-31 17:28 -------- d-----w- c:\documents and settings\Rkl305\Local Settings\Application Data\Temp

2010-03-31 16:30 . 2010-04-10 09:15 -------- d-----w- c:\documents and settings\Rkl305\Tracing

2010-03-31 16:24 . 2010-03-31 16:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-03-31 16:21 . 2010-03-31 16:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-10 08:51 . 2009-03-13 10:27 81816 ----a-w- c:\windows\system32\perfc00C.dat

2010-04-10 08:51 . 2009-03-13 10:27 502688 ----a-w- c:\windows\system32\perfh00C.dat

2010-04-09 07:00 . 2009-06-09 03:24 60672 ----a-w- c:\documents and settings\Rkl305\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-09 06:03 . 2009-12-25 11:09 -------- d-----w- c:\program files\Microsoft Silverlight

2010-04-08 21:31 . 2009-03-13 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-06 18:20 . 2009-12-24 18:45 -------- d-----w- c:\program files\Utilities

2010-04-03 15:09 . 2009-03-13 10:30 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys

2010-03-31 16:21 . 2009-03-13 02:49 -------- d-----w- c:\program files\Google

2010-02-25 06:17 . 2009-03-13 10:27 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-11 18:56 . 2010-02-11 18:56 -------- d-----w- c:\program files\Alfa & Ariss

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 68856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"USB-Set"="wscript" [X]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]

"avgnt"="c:\program files\Utilities\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-13 565248]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Rkl305^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]

backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]

M3000Rmv.dll [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 11:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

2006-01-25 10:45 53248 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2009-03-13 02:49 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2008-04-15 16:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2008-12-30 07:09 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-02-24 07:40 17529856 ----a-w- c:\windows\RTHDCPL.EXE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Utilities\Avira\AntiVir Desktop\sched.exe [24/12/2009 20:48 108289]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [13/03/2009 05:16 237568]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/03/2009 05:03 49664]

R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [25/03/2009 06:52 145408]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/03/2010 18:21 135664]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/03/2009 04:37 1684736]

S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/03/2009 04:49 24064]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [13/03/2009 04:35 162816]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contenu du dossier 'Tâches planifiées'

 

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 16:21]

 

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 16:21]

 

2010-04-10 c:\windows\Tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=0609&m=aspire_one

uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=0609&m=aspire_one

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

.

------- Associations de fichier -------

.

txtfile\shell\ab_notepad\command="d:\prog\LiberKeyAmanda\Apps\Notepad++\Notepad++LKL.exe" "%1"

inifile\shell\ab_notepadpp_open\command="d:\prog\LiberKeyAmanda\Apps\Notepad++\Notepad++LKL.exe" "%1"

.

- - - - ORPHELINS SUPPRIMES - - - -

 

BHO-{9E1CE04F-0CC2-4D9D-91B4-B1A63833DB59} - c:\windows\system32\gsntcji.dll

ShellIconOverlayIdentifiers-{9E1CE04F-0CC2-4D9D-91B4-B1A63833DB59} - c:\windows\system32\gsntcji.dll

AddRemove-Mozilla Firefox (2.0.0.20) - d:\progs\LiberKey\Apps\Firefox\App\firefox\uninstall\helper.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-10 11:15

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86305618]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7681f28

\Driver\ACPI -> ACPI.sys @ 0xf75f3cb8

\Driver\atapi -> atapi.sys @ 0xf75ab852

\Driver\iaStor -> iaStor.sys @ 0xf751278c

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Atheros AR8132 PCI-E Fast Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf73e9bb0

PacketIndicateHandler -> NDIS.sys @ 0xf73d8a0d

SendHandler -> NDIS.sys @ 0xf73ecb40

user & kernel MBR OK

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(776)

c:\windows\system32\btmmhook.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Utilities\Avira\AntiVir Desktop\avguard.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wscript.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2010-04-10 11:21:03 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-04-10 09:20

 

Avant-CF: 139 939 016 704 octets libres

Après-CF: 139 855 806 464 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

 

- - End Of File - - 17862721AAC97AF77122B838BD6CED9B

 

The Windows\Temp folder was emptied during the ComboFix run, but folders are still being created right now.

I await your next instructions.

Thanks again
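Dersou1 notes above that the file Avira flags has to be grabbed quickly because the xxxx.tmp folders self-destruct. The following script is an added example for this thread, not a tool from the helper or from ComboFix: it polls a directory, and as soon as a new *.tmp sub-folder appears it hashes every file inside with SHA-256 and copies it to a quarantine folder, so a sample survives long enough to be uploaded to an online scanner. The watched path, quarantine path and the bytes written as a fake svchost.exe in demo() are constructed for the example.

```python
"""Added example (not part of this thread): copy whatever appears inside
short-lived xxxx.tmp folders before the dropper deletes it.

capture_new_tmp_dirs() does one polling pass over a directory: every *.tmp
sub-folder not seen before is inspected, each file inside is hashed with
SHA-256 and copied to a quarantine folder under a name that carries the hash,
so the sample survives for an online scanner even if the original vanishes.
watch() repeats that pass. demo() builds a constructed folder tree in a temp
directory; the 'svchost.exe' it writes is a harmless byte string.
"""
import hashlib
import shutil
import tempfile
import time
from pathlib import Path
from typing import List, Optional, Set, Tuple


def sha256_of(path: Path) -> str:
    """Hash a file in chunks (the sample may be large)."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def capture_new_tmp_dirs(watch_dir: Path, quarantine_dir: Path,
                         seen: Set[str]) -> List[Tuple[str, str, str]]:
    """One pass. Returns (original_path, sha256, quarantine_copy) for each
    file found in a *.tmp folder that was not present on an earlier pass."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    captured: List[Tuple[str, str, str]] = []
    for sub in sorted(watch_dir.glob("*.tmp")):
        if not sub.is_dir() or sub.name in seen:
            continue
        seen.add(sub.name)
        for item in sub.rglob("*"):
            if not item.is_file():
                continue
            try:
                digest = sha256_of(item)
                # copy, never move: leave the original in place for the AV
                dest = quarantine_dir / f"{digest}_{item.name}.bin"
                shutil.copy2(item, dest)
                captured.append((str(item), digest, str(dest)))
            except OSError:
                # deleted between listing and reading; nothing to do this pass
                continue
    return captured


def watch(watch_dir: Path, quarantine_dir: Path, interval: float = 0.5,
          max_seconds: Optional[float] = None) -> List[Tuple[str, str, str]]:
    """Poll until max_seconds elapses (or forever when None)."""
    seen: Set[str] = set()
    caught: List[Tuple[str, str, str]] = []
    start = time.monotonic()
    while True:
        caught.extend(capture_new_tmp_dirs(watch_dir, quarantine_dir, seen))
        if max_seconds is not None and time.monotonic() - start >= max_seconds:
            return caught
        time.sleep(interval)


def demo() -> dict:
    """Constructed scenario: an empty abcd.tmp, a wxyz.tmp holding a fake
    svchost.exe, then a second pass that must not re-capture the same folder."""
    sample = b"MZ\x90\x00 constructed sample bytes, not real malware"
    base = Path(tempfile.mkdtemp())
    try:
        (base / "abcd.tmp").mkdir()
        (base / "wxyz.tmp").mkdir()
        (base / "wxyz.tmp" / "svchost.exe").write_bytes(sample)
        seen: Set[str] = set()
        first = capture_new_tmp_dirs(base, base / "quarantine", seen)
        second = capture_new_tmp_dirs(base, base / "quarantine", seen)
    finally:
        shutil.rmtree(base, ignore_errors=True)
    return {"first": first, "second": second,
            "expected": hashlib.sha256(sample).hexdigest()}


if __name__ == "__main__":
    print(demo())
    # On the affected machine (paths are assumptions for this example):
    # watch(Path("C:/Windows/Temp"), Path("C:/quarantine"), max_seconds=900)
```

The copy is written under the hash so that two drops of the same binary collapse into one quarantine file, and the original is left untouched so the on-access scanner still sees and removes it.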

Posted

Hello Dersou1,

*** Your PC is indeed still infected... *** :P

1) Let's run this little script to fix the remaining items:

  • Disconnect from the internet and disable your antivirus (only for the duration of the procedure!)
  • Open Notepad and paste into it the lines quoted below:
    KillAll::
     
    Extra::
     
    MBR::
     
    Driver::
    Rts516xIR
    getPlusHelper
     
    File::
    c:\windows\system32\DRIVERS\Rts516xIR.sys
     
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USB-Set"=-
    * Note: this script was written specifically for this user; please do not reuse it in other cases!
     
  • Save it under the name CFScript
  • As shown in the image, drag CFScript.txt onto Combofix.exe (file extensions may be hidden)

  • Post the result and a new HijackThis report!

2) Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click the downloaded file to start the installation.
  • Install the program with the default options and make sure both boxes are ticked as shown in the picture: if the firewall asks whether MBAM may connect, accept.

  • Once the update has finished, go to the "Scanner" tab.
  • Select "Perform full scan"
  • Select all your drives and click Scan.
  • The scan starts; it is fairly long, which is normal.
  • At the end of the scan a message appears:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select all (or leave everything ticked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and paste the scan report there. Copy and paste that report into your next reply.

==> This last scan will let me check that everything is in order!

Good work!

:P
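The CFScript above removes an autorun whose command is a bare `wscript` with no path and which ComboFix tags `[X]`, while the report's active-process list shows `c:\windows\system32\wscript.exe` running at scan time. The following is an added example, not ComboFix's or the helper's code: a small triage pass that applies those three checks mechanically to ComboFix "Reg loading points" and "active processes" lines. SAMPLE_LOG reuses lines from the report above plus one constructed line (a svchost.exe under a .tmp folder, matching what Avira reported at the start of the thread); the heuristics and the lists of script hosts and system names are the example's own.

```python
"""Added example (not ComboFix's or the helper's code): a small triage pass
over ComboFix 'Reg loading points' and 'active processes' lines.

It flags three things a reviewer looks for by eye: an autorun whose command is
a bare script host with no path and no script (the "USB-Set"="wscript" entry
above), entries ComboFix tags [X] (target missing), and a process carrying a
system-binary name outside System32 or a script host running at scan time.
SAMPLE_LOG reuses lines from the report above plus one constructed line
(the svchost.exe under a .tmp folder). The heuristics are this example's own.
"""
import re
from typing import List, Tuple

# interpreters that should never be an autorun command on their own
SCRIPT_HOSTS = {"wscript", "cscript", "mshta", "rundll32", "regsvr32", "powershell", "cmd"}
# names that only belong in System32; elsewhere they are impersonation
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}

# "Name"="command" [tag]   e.g.  "USB-Set"="wscript" [X]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*(?P<tag>\[[^\]]*\])?')

SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB-Set"="wscript" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"avgnt"="c:\program files\Utilities\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\program files\Utilities\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\wscript.exe
c:\windows\temp\abcd.tmp\svchost.exe
'''
# the last line is constructed for this example; the others are from the report

Finding = Tuple[str, str, str]  # (subject, reason, offending line)


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(lines: List[str]) -> List[Finding]:
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("["):      # blank or registry key header
            continue
        m = RUN_LINE.match(line)
        if m:
            name, cmd, tag = m.group("name"), m.group("cmd").strip(), m.group("tag")
            host = _basename(cmd)
            host = host[:-4] if host.endswith(".exe") else host
            if host in SCRIPT_HOSTS and "\\" not in cmd:
                findings.append((name, "autorun is a bare script host with no path and no script", line))
            if tag == "[X]":
                findings.append((name, "ComboFix marks the target as missing [X]", line))
            continue
        if "\\" in line and line.lower().endswith(".exe"):   # active-process line
            exe = _basename(line)
            parent = line.rsplit("\\", 1)[0].lower()
            if exe in SYSTEM_NAMES and not parent.endswith("\\windows\\system32"):
                findings.append((exe, "system binary name running outside System32", line))
            elif exe[:-4] in SCRIPT_HOSTS:
                findings.append((exe, "script host running at scan time", line))
    return findings


if __name__ == "__main__":
    for subject, reason, line in triage(SAMPLE_LOG.splitlines()):
        print(f"{subject:12} {reason}: {line}")
```

A bare `wscript` autorun is a red flag on its own: with no script argument it does nothing legitimate, and its presence next to a live `wscript.exe` process suggests the real script is supplied some other way (for instance via an autorun.inf, which the first ComboFix run also deleted from the user's profile).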

Posted

Right:

1) ComboFix result:

ComboFix 10-04-09.06 - Rkl305 10/04/2010 15:48:34.2.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.576 [GMT 2:00]

Lancé depuis: c:\documents and settings\Rkl305\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Rkl305\Bureau\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

FILE ::

"c:\windows\system32\DRIVERS\Rts516xIR.sys"

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GETPLUSHELPER

-------\Service_getPlusHelper

-------\Service_Rts516xIR

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-10 au 2010-04-10 ))))))))))))))))))))))))))))))))))))

.

 

2010-04-08 17:57 . 2010-04-08 22:36 -------- d-----w- C:\Papa

2010-04-06 20:39 . 2010-04-10 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\usb-set

2010-04-06 20:39 . 2010-04-06 20:39 -------- d-----w- c:\program files\USB-set

2010-04-06 18:21 . 2010-04-06 18:21 -------- d-----w- c:\documents and settings\Rkl305\Application Data\Malwarebytes

2010-04-06 18:20 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-06 18:20 . 2010-04-06 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-04-06 18:20 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-06 17:24 . 1999-01-20 03:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL

2010-04-06 17:24 . 2010-04-06 17:24 -------- d-----w- c:\program files\Fichiers communs\Borland Shared

2010-03-31 17:26 . 2010-03-31 17:28 -------- d-----w- c:\documents and settings\Rkl305\Local Settings\Application Data\Temp

2010-03-31 16:30 . 2010-04-10 14:00 -------- d-----w- c:\documents and settings\Rkl305\Tracing

2010-03-31 16:24 . 2010-03-31 16:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-03-31 16:21 . 2010-03-31 16:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-10 13:44 . 2009-03-13 10:27 81816 ----a-w- c:\windows\system32\perfc00C.dat

2010-04-10 13:44 . 2009-03-13 10:27 502688 ----a-w- c:\windows\system32\perfh00C.dat

2010-04-09 07:00 . 2009-06-09 03:24 60672 ----a-w- c:\documents and settings\Rkl305\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-09 06:03 . 2009-12-25 11:09 -------- d-----w- c:\program files\Microsoft Silverlight

2010-04-08 21:31 . 2009-03-13 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-06 18:20 . 2009-12-24 18:45 -------- d-----w- c:\program files\Utilities

2010-04-03 15:09 . 2009-03-13 10:30 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys

2010-03-31 16:21 . 2009-03-13 02:49 -------- d-----w- c:\program files\Google

2010-02-25 06:17 . 2009-03-13 10:27 916480 ------w- c:\windows\system32\wininet.dll

2010-02-11 18:56 . 2010-02-11 18:56 -------- d-----w- c:\program files\Alfa & Ariss

.

 

((((((((((((((((((((((((((((( SnapShot@2010-04-10_09.16.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-13 10:26 . 2010-04-10 13:44 68318 c:\windows\system32\perfc009.dat

- 2009-03-13 10:26 . 2010-04-10 08:51 68318 c:\windows\system32\perfc009.dat

+ 2009-03-13 10:26 . 2010-04-10 13:44 434032 c:\windows\system32\perfh009.dat

- 2009-03-13 10:26 . 2010-04-10 08:51 434032 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 68856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]

"avgnt"="c:\program files\Utilities\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-13 565248]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Rkl305^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]

backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 11:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

2006-01-25 10:45 53248 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2009-03-13 02:49 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2008-04-15 16:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2008-12-30 07:09 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-02-24 07:40 17529856 ----a-w- c:\windows\RTHDCPL.EXE

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Utilities\Avira\AntiVir Desktop\sched.exe [24/12/2009 20:48 108289]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [13/03/2009 05:16 237568]

R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/03/2009 05:03 49664]

R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [25/03/2009 06:52 145408]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/03/2010 18:21 135664]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/03/2009 04:37 1684736]

S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/03/2009 04:49 24064]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [13/03/2009 04:35 162816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contenu du dossier 'Tâches planifiées'

 

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 16:21]

 

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 16:21]

 

2010-04-10 c:\windows\Tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=0609&m=aspire_one

uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=0609&m=aspire_one

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

.

------- Associations de fichier -------

.

txtfile\shell\ab_notepad\command="d:\prog\LiberKeyAmanda\Apps\Notepad++\Notepad++LKL.exe" "%1"

inifile\shell\ab_notepadpp_open\command="d:\prog\LiberKeyAmanda\Apps\Notepad++\Notepad++LKL.exe" "%1"

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-10 16:00

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86345618]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf7681f28

\Driver\ACPI -> ACPI.sys @ 0xf75f3cb8

\Driver\atapi -> atapi.sys @ 0xf75ab852

\Driver\iaStor -> iaStor.sys @ 0xf751278c

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Atheros AR8132 PCI-E Fast Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf73e9bb0

PacketIndicateHandler -> NDIS.sys @ 0xf73d8a0d

SendHandler -> NDIS.sys @ 0xf73ecb40

user & kernel MBR OK

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(556)

c:\windows\system32\btmmhook.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\eappprxy.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Utilities\Avira\AntiVir Desktop\avguard.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe

.

**************************************************************************

.

Heure de fin: 2010-04-10 16:05:13 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-04-10 14:05

ComboFix2.txt 2010-04-10 09:21

 

Avant-CF: 139 858 219 008 octets libres

Après-CF: 139 824 926 720 octets libres

 

- - End Of File - - 041D4E5FC0B85DDD0DA39F607702F777

 

The MBAM scan is in progress; I'll post it as soon as it's available.

However, the xxxx.tmp folders are still being created... :P
