[Résolu] PC portable infecté

[Fabi41]

Bonjour,

 

je suis nouveau sur ce site et souhaite de l'aide car j'ai des virus sur mon pc portable.

 

J'ai fais un scan Hijackthis que je poste ci-dessous.

 

Merci de votre aide.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:11:51 PM, on 11/16/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\FarStone Total Recovery Pro\Client\cbp\DCSchdler.exe

C:\Program Files\FarStone Total Recovery Pro\Client\Efb\FBPAgent.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\OCS Inventory Agent\ocsservice.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\FarStone Total Recovery Pro\Client\DCNTranProc.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\PrintDisp.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\CrazyLoader\spointer\crazyloader_air.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\Documents and Settings\AdmTmp\Local Settings\Temporary Internet Files\Content.IE5\8HA72XE3\HiJackThis[1].exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adminws-nl/

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Interest recogniser for Crazyloader (powered by Spointer) - {C5F65718-341D-4e7d-9842-FCB9CC89527E} - C:\Program Files\CrazyLoader\spointer\extensions\crazyloader_air_ie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - (no file)

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe

O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277811945671

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = we.ad-root.biz

O17 - HKLM\Software\..\Telephony: DomainName = we.ad-root.biz

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = we.ad-root.biz

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = we.ad-root.biz,ad-root.biz,ad-bau.gbl,sap.ad-bau.gbl,bs.ad-bau.gbl

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = we.ad-root.biz

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = we.ad-root.biz,ad-root.biz,ad-bau.gbl,sap.ad-bau.gbl,bs.ad-bau.gbl

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = we.ad-root.biz,ad-root.biz,ad-bau.gbl,sap.ad-bau.gbl,bs.ad-bau.gbl

O23 - Service: DCScheduler - Unknown owner - C:\Program Files\FarStone Total Recovery Pro\Client\cbp\DCSchdlerSRVC.exe

O23 - Service: File Backup Agent (FBAgent) - Farstone Technology Inc. - C:\Program Files\FarStone Total Recovery Pro\Client\Efb\FBPAgent.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - Error - C:\Program Files\OCS Inventory Agent\ocsservice.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

O23 - Service: DCNTranProc (Tran_Process_Proc) - Unknown owner - C:\Program Files\FarStone Total Recovery Pro\Client\DCNTranProc.exe

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

 

--

End of file - 11167 bytes

Modifié le 23 novembre 2010 par Fabi41

[bernard53]

bonjour et Bienvenue

 

fait ceci.

 

** Télécharge ToolBar-S&D (D'Angeldark, Sham_Rock & XmichouX) sur ton bureau.

 

Double-clique sur l'icône afin de lancer l’installation.

 

Une fois installé, un raccourci sera ajouté sur le Bureau. Double-clique dessus pour démarrer l’outil.

 

dans la fenêtre qui s'ouvre, pour le langue tape "F" >> Appuis un fois sur la touche "entrer"

 

dans la fenêtre qui s'ouvre fais le choix N°2 (Suppression) >> Appuis une fois sur la touche "entrer"

 

** Poste le rapport généré : (C:\TB.txt)

 

Ensuite ceci.

 

Installe Malewarebytes' Antimalware,

Téléchargement

 

 

 

*** Met-le à jour puis choisi, Exécuter un examen complet

 

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

 

Poste le rapport final.

*** il est conseillé de désactivé Tea-Timer si tu as Spybot-S&D juste le temps du scan.

Voici comment faire: Lancez Spybot-S&D, passez en Mode avancé via le Menu Mode (en haut) → cliquez sur Oui--> choisissez Outils dans la barre de navigation sur la gauche -->Résident et là vous pouvez décocher les cases situées devant les deux outils.

[Fabi41]

Je te remercie de vouloir m'aider.

 

Je n'arrive pas à télécharger le logiciel que tu m'as proposé. Mon système le bloque ???

[Fabi41]

voici le résultat après un scan avec Toolbar SD ...... merc i de ton aide ....

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T7500 @ 2.20GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A11

USER : AdmTmp ( Administrator )

BOOT : Fail-safe boot

Antivirus : McAfee VirusScan Enterprise 8.7.0.570 (Activated)

C:\ (Local Disk) - NTFS - Total:36 Go (Free:21 Go)

D:\ (Local Disk) - NTFS - Total:38 Go (Free:23 Go)

E:\ (CD or DVD)

F:\ (USB) - FAT - Total:247 Mo (Free:0 Go)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( Tue 11/16/2010|14:21 )

 

-----------\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\Chupinf\APPLIC~1\FunWebProducts\Data

Supprime! - C:\DOCUME~1\AdmTmp\Cookies\admtmp@mywebsearch[2].txt

Supprime! - C:\DOCUME~1\Chupinf\APPLIC~1\FunWebProducts

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"

"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

 

1 - "C:\ToolBar SD\TB_1.txt" - Tue 11/16/2010|14:22 - Option : [2]

 

-----------\\ Fin du rapport a 14:22:10.34

 

 

 

 

bonjour et Bienvenue

 

fait ceci.

 

** Télécharge ToolBar-S&D (D'Angeldark, Sham_Rock & XmichouX) sur ton bureau.

 

Double-clique sur l'icône afin de lancer l’installation.

 

Une fois installé, un raccourci sera ajouté sur le Bureau. Double-clique dessus pour démarrer l’outil.

 

dans la fenêtre qui s'ouvre, pour le langue tape "F" >> Appuis un fois sur la touche "entrer"

 

dans la fenêtre qui s'ouvre fais le choix N°2 (Suppression) >> Appuis une fois sur la touche "entrer"

 

** Poste le rapport généré : (C:\TB.txt)

 

Ensuite ceci.

 

Installe Malewarebytes' Antimalware,

Téléchargement

 

 

 

*** Met-le à jour puis choisi, Exécuter un examen complet

 

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

 

Poste le rapport final.

*** il est conseillé de désactivé Tea-Timer si tu as Spybot-S&D juste le temps du scan.

[Fabi41]

voici maintenant le résultat après analyse avec Malwaresbytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4052

 

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

 

11/16/2010 3:52:30 PM

mbam-log-2010-11-16 (15-52-30).txt

 

Type d'examen: Examen complet (C:\|D:\|)

Elément(s) analysé(s): 214619

Temps écoulé: 1 heure(s), 24 minute(s), 13 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 6

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\Interface\{8e9cf769-3d3b-40eb-9e2d-76e7a205e4d2} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Documents and Settings\Chupinf\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

 

 

 

 

voici le résultat après un scan avec Toolbar SD ...... merc i de ton aide ....

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T7500 @ 2.20GHz )

BIOS : Phoenix ROM BIOS PLUS Version 1.10 A11

USER : AdmTmp ( Administrator )

BOOT : Fail-safe boot

Antivirus : McAfee VirusScan Enterprise 8.7.0.570 (Activated)

C:\ (Local Disk) - NTFS - Total:36 Go (Free:21 Go)

D:\ (Local Disk) - NTFS - Total:38 Go (Free:23 Go)

E:\ (CD or DVD)

F:\ (USB) - FAT - Total:247 Mo (Free:0 Go)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( Tue 11/16/2010|14:21 )

 

-----------\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\Chupinf\APPLIC~1\FunWebProducts\Data

Supprime! - C:\DOCUME~1\AdmTmp\Cookies\admtmp@mywebsearch[2].txt

Supprime! - C:\DOCUME~1\Chupinf\APPLIC~1\FunWebProducts

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"

"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

 

1 - "C:\ToolBar SD\TB_1.txt" - Tue 11/16/2010|14:22 - Option : [2]

 

-----------\\ Fin du rapport a 14:22:10.34

[bernard53]

Très bien comment va ton pc maintenant?

[Fabi41]

VirusScan détecte W32/NGVCK pour les fichiers suivants :

 

mbammgr.exe

iexplorermgr.exe

wordpad.exe

wmplayer.exe

setup_wm.exe

jqmgr.exe

iedw.exe

 

pour l'application c:\\windows\system32\svhost.exe

 

 

est-ce grave ? que faire ?

 

Merci encore

[bernard53]

Fait ceci pour voir plus.

 

* Télécharge >> OTL <<sur ton bureau.

 

* Fait un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

 

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

 

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal " soit cochée.

 

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL " Personnalisation"

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

vstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).

* Copie et colle le ou les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Mets le rapport ici car il prend bien de la place.

http://www.cijoint.fr/index.php

[Fabi41]

voici le résultat du scal OTL :

 

 

OTL logfile created on: 16/11/2010 21:04:40 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Chupinf\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000813 | Country: Belgium | Language: NLB | Date Format: d/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 36,00 Gb Total Space | 21,24 Gb Free Space | 58,99% Space Free | Partition Type: NTFS

Drive D: | 38,41 Gb Total Space | 23,64 Gb Free Space | 61,56% Space Free | Partition Type: NTFS

 

Computer Name: NBUR329 | User Name: ChupinF | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Chupinf\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\CrazyLoader\spointer\crazyloader_air.exe (Crazyloader)

PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Chupinf\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\igfxdo.dll (Intel Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

 

========== Driver Services (SafeList) ==========

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 4A C9 76 FE 63 CB 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files\CrazyLoader\spointer\extensions\crazyloader@spointer.com [2010/09/10 15:48:13 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Interest recogniser for Crazyloader (powered by Spointer)) - {C5F65718-341D-4e7d-9842-FCB9CC89527E} - C:\Program Files\CrazyLoader\spointer\extensions\crazyloader_air_ie.dll (Crazyloader)

O3 - HKLM\..\Toolbar: (no name) - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - No CLSID value found.

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe (CamfrogWEB Advanced Unicode Control)

O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx (TenebrilSpywareScanner Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277811945671 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = we.ad-root.biz

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\Program Files\Microsoft\WaterMark.exe ()

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Chupinf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chupinf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/04/14 22:55:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{a214d7f7-b4d1-11df-ba2c-001d09dc57ba}\Shell - "" = AutoRun

O33 - MountPoints2\{a214d7f7-b4d1-11df-ba2c-001d09dc57ba}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{a214d7f7-b4d1-11df-ba2c-001d09dc57ba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{a214d7f9-b4d1-11df-ba2c-001d09dc57ba}\Shell - "" = AutoRun

O33 - MountPoints2\{a214d7f9-b4d1-11df-ba2c-001d09dc57ba}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{a214d7f9-b4d1-11df-ba2c-001d09dc57ba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)

O34 - HKLM BootExecute: (ootExecute settings...) - File not found

O34 - HKLM BootExecute: (ount) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/11/16 21:03:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chupinf\Desktop\OTL.exe

[2010/11/16 19:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\Malwarebytes

[2010/11/16 19:16:44 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\Explorermgr.exe

[2010/11/16 15:57:03 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\userinitmgr.exe

[2010/11/16 14:27:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/16 14:27:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/16 14:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/16 14:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/16 14:19:49 | 000,000,000 | ---D | C] -- C:\ToolBar SD

[2010/11/16 13:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/11/16 13:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/11/16 08:54:15 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys

[2010/11/16 08:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RegRunInfo

[2010/11/16 08:41:30 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe

[2010/11/16 08:41:30 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys

[2010/11/16 08:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis

[2010/11/16 08:10:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chupinf\Recent

[2010/11/16 08:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\AVERT

[2010/11/16 07:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\PCFix

[2010/11/12 14:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/11/12 14:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\PCFix

[2010/11/12 12:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2010/11/12 10:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8

[2010/11/11 21:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/11/08 21:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ActPrint

[2010/11/08 20:59:40 | 017,873,152 | ---- | C] (pdfforge GbR) -- C:\Documents and Settings\Chupinf\My Documents\PDFCreator-1_0_2_setup.exe

[2010/11/08 20:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\Iceni

[2010/11/08 20:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995

[2010/11/08 20:54:52 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll

[2010/11/08 20:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995

[2010/11/08 16:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter

[2010/11/08 15:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\IVCsoft

[2010/11/07 20:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager

[2010/11/07 20:15:42 | 000,115,200 | ---- | C] (http://www.howtosavevideo.com) -- C:\WINDOWS\System32\VistaHlpr.dll

[2010/11/07 20:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\SaveVideo plugin For IE

[2010/11/07 20:11:36 | 004,680,289 | ---- | C] (SVSoftware LTD (www.savevideoplugin.com) ) -- C:\Documents and Settings\Chupinf\My Documents\SaveVideoPluginForIE_setup.exe

[2010/11/03 18:15:43 | 002,519,040 | ---- | C] (DynaForms GmbH) -- C:\WINDOWS\System32\CPDF.dll

[2010/11/03 18:15:15 | 000,878,080 | ---- | C] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrintDisp.exe

[2010/11/03 18:15:15 | 000,077,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrintCtrl.exe

[2010/11/03 18:15:10 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\All Users\Application Data\Temp

[2010/11/03 18:15:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll

[2010/11/03 18:15:08 | 001,165,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrtClient.exe

[2010/11/03 18:15:08 | 000,822,784 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetupDrv.exe

[2010/11/03 18:15:08 | 000,702,976 | ---- | C] (ActMask - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrtTools.exe

[2010/11/03 18:15:08 | 000,375,296 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetPrinter.exe

[2010/11/03 18:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Infix PDF

[2010/11/03 18:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aspell

[2010/11/03 18:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Iceni

[2010/11/03 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Iceni

[2010/11/02 18:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX

[2010/11/02 10:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\Apple Computer

[2010/11/02 10:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\Apple Computer

[2010/10/29 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fscltdcn

[2010/10/29 11:41:37 | 000,334,336 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\bcdedit.exe

[2010/10/29 11:41:37 | 000,000,000 | ---D | C] -- C:\boot

[2010/10/29 11:41:34 | 000,000,000 | ---D | C] -- C:\Sources

[2010/10/29 11:41:24 | 000,000,000 | ---D | C] -- C:\RITSoftwareProvider

[2010/10/29 11:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Farstone

[2010/10/29 11:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\FarStone Total Recovery Pro

[2010/10/27 13:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/10/27 13:32:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/10/27 13:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/10/27 13:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/10/27 10:31:12 | 000,000,000 | ---D | C] -- C:\PDFZilla

[2010/10/27 09:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2010/10/27 09:38:59 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe116.dll

[2010/10/27 09:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared

[2010/10/27 09:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation

[2010/10/27 09:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sony

[2010/10/27 09:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2010/10/27 09:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/10/27 09:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2010/10/27 09:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2010/10/27 09:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2010/10/27 09:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

[2010/10/27 08:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/11/16 21:05:27 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat

[2010/11/16 21:05:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job

[2010/11/16 21:03:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chupinf\Desktop\OTL.exe

[2010/11/16 21:01:19 | 000,817,050 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\cc_20101116_210039.reg

[2010/11/16 21:01:01 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999UA.job

[2010/11/16 21:01:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999Core.job

[2010/11/16 21:00:20 | 000,061,952 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\Explorermgr.exe

[2010/11/16 19:18:17 | 000,462,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/16 19:18:17 | 000,078,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/16 19:16:40 | 000,061,952 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\userinitmgr.exe

[2010/11/16 17:29:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/16 14:27:06 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/16 14:18:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/16 13:34:11 | 000,006,385 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010/11/16 11:45:39 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys

[2010/11/16 11:25:20 | 000,000,186 | ---- | M] () -- C:\WINDOWS\tasks\PCFix.job

[2010/11/16 08:41:30 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe

[2010/11/16 08:41:30 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys

[2010/11/16 08:40:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/11/16 08:40:53 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT

[2010/11/16 08:40:53 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat

[2010/11/16 08:13:22 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job

[2010/11/12 14:34:01 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Fix 2010.lnk

[2010/11/12 14:12:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\housecall.guid.cache

[2010/11/11 21:42:22 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Chupinf\Application Data\abpzlw.dat

[2010/11/11 21:20:09 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/08 21:17:48 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Infix PDF Editor.lnk

[2010/11/08 21:01:55 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\Chupinf\Desktop\Google Chrome.lnk

[2010/11/08 21:01:55 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Chupinf\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/11/08 20:59:43 | 017,873,152 | ---- | M] (pdfforge GbR) -- C:\Documents and Settings\Chupinf\My Documents\PDFCreator-1_0_2_setup.exe

[2010/11/08 20:54:53 | 000,000,025 | ---- | M] () -- C:\WINDOWS\wpd99.drv

[2010/11/08 20:54:52 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll

[2010/11/08 20:54:52 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll

[2010/11/08 20:54:48 | 002,684,312 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\pdf995s.exe

[2010/11/08 16:35:37 | 003,014,282 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter.zip

[2010/11/07 20:11:41 | 004,680,289 | ---- | M] (SVSoftware LTD (www.savevideoplugin.com) ) -- C:\Documents and Settings\Chupinf\My Documents\SaveVideoPluginForIE_setup.exe

[2010/10/29 12:08:27 | 000,000,529 | RHS- | M] () -- C:\WINDOWS\System32\VFsRegister

[2010/10/29 11:53:04 | 000,014,848 | -H-- | M] () -- C:\logicinf.bin

[2010/10/29 11:53:04 | 000,001,024 | -H-- | M] () -- C:\diskfile1

[2010/10/29 11:52:44 | 000,000,157 | ---- | M] () -- C:\win32log.ini

[2010/10/29 11:43:49 | 000,261,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/29 11:41:39 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FarStone Total Recovery 7 Pro.lnk

[2010/10/29 11:41:19 | 004,194,304 | RH-- | M] () -- C:\spc_kern

[2010/10/29 11:41:19 | 000,000,000 | RH-- | M] () -- C:\tasks.ini

[2010/10/27 13:16:37 | 000,089,716 | ---- | M] () -- C:\WINDOWS\hpoins06.dat

[2010/10/27 09:38:59 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe116.dll

[2010/10/27 09:37:00 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 09:36:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/10/27 08:33:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2010/10/27 08:21:00 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Chupinf\Desktop\Update Service.lnk

[2010/10/27 08:20:05 | 037,065,048 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\Update_Service_Setup-2.10.11.10.exe

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/11/16 21:00:43 | 000,817,050 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\cc_20101116_210039.reg

[2010/11/16 14:27:06 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/16 11:25:17 | 000,000,186 | ---- | C] () -- C:\WINDOWS\tasks\PCFix.job

[2010/11/16 08:40:53 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat

[2010/11/12 14:34:01 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Fix 2010.lnk

[2010/11/12 14:12:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\housecall.guid.cache

[2010/11/11 21:42:23 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat

[2010/11/11 21:42:22 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Chupinf\Application Data\abpzlw.dat

[2010/11/08 20:54:53 | 000,000,025 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2010/11/08 20:54:52 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2010/11/08 20:54:35 | 002,684,312 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\pdf995s.exe

[2010/11/08 16:35:31 | 003,014,282 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter.zip

[2010/11/03 18:15:43 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll

[2010/11/03 18:15:09 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\PrtPass.exe

[2010/11/03 18:15:08 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe

[2010/11/03 18:15:08 | 000,097,016 | ---- | C] () -- C:\WINDOWS\System32\Cancel.wav

[2010/11/03 18:15:08 | 000,010,398 | ---- | C] () -- C:\WINDOWS\System32\START.WAV

[2010/11/03 18:15:08 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\FINISH.WAV

[2010/11/03 18:15:06 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Infix PDF Editor.lnk

[2010/10/29 11:53:04 | 000,001,024 | -H-- | C] () -- C:\diskfile1

[2010/10/29 11:52:44 | 000,000,157 | ---- | C] () -- C:\win32log.ini

[2010/10/29 11:41:39 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FarStone Total Recovery 7 Pro.lnk

[2010/10/29 11:41:37 | 000,438,840 | R--- | C] () -- C:\PEMGR

[2010/10/29 11:41:19 | 000,014,848 | -H-- | C] () -- C:\logicinf.bin

[2010/10/29 11:41:19 | 000,000,000 | RH-- | C] () -- C:\tasks.ini

[2010/10/29 11:41:16 | 000,086,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys

[2010/10/29 11:41:15 | 004,194,304 | RH-- | C] () -- C:\spc_kern

[2010/10/29 11:41:15 | 003,145,728 | RH-- | C] () -- C:\spc_init

[2010/10/29 11:41:15 | 000,030,972 | ---- | C] () -- C:\FARSBOOT.BIO

[2010/10/29 11:41:15 | 000,000,512 | ---- | C] () -- C:\FARSBOOT.BIN

[2010/10/29 11:41:15 | 000,000,388 | ---- | C] () -- C:\DCMBRBIN

[2010/10/29 11:40:28 | 000,000,529 | RHS- | C] () -- C:\WINDOWS\System32\VFsRegister

[2010/10/29 11:39:58 | 000,020,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\FarMntIo.sys

[2010/10/27 13:16:16 | 000,089,716 | ---- | C] () -- C:\WINDOWS\hpoins06.dat

[2010/10/27 13:16:15 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat

[2010/10/27 09:37:00 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 09:36:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/10/27 08:21:00 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Chupinf\Desktop\Update Service.lnk

[2010/10/27 08:19:45 | 037,065,048 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\Update_Service_Setup-2.10.11.10.exe

[2010/09/20 13:30:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\SpotAuditor.INI

[2010/09/01 15:32:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2010/08/31 16:27:25 | 000,008,106 | ---- | C] () -- C:\Documents and Settings\Chupinf\Application Data\config

[2010/08/27 13:05:27 | 000,007,482 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2010/08/26 12:58:41 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/11 13:22:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\DWFPORTMON3.DLL.del

[2010/06/11 12:47:46 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2010/06/11 12:47:45 | 000,006,385 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/06/11 12:36:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll

[2010/05/12 11:54:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/04/14 15:45:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008/04/14 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2008/04/14 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2008/04/14 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2008/04/14 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2008/04/14 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2007/09/27 18:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 18:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 18:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/07/03 20:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2001/07/06 14:30:00 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2000/01/07 01:00:00 | 000,022,224 | ---- | C] () -- C:\WINDOWS\sysgtime.dll

[2000/01/07 01:00:00 | 000,022,224 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv

 

< End of report >

 

voici le résultat extras OTL

 

OTL Extras logfile created on: 16/11/2010 21:04:40 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Chupinf\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000813 | Country: Belgium | Language: NLB | Date Format: d/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 36,00 Gb Total Space | 21,24 Gb Free Space | 58,99% Space Free | Partition Type: NTFS

Drive D: | 38,41 Gb Total Space | 23,64 Gb Free Space | 61,56% Space Free | Partition Type: NTFS

 

Computer Name: NBUR329 | User Name: ChupinF | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1045:TCP" = 1045:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store

"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{23170F69-40C1-2701-0457-000001000000}" = 7-Zip 4.57

"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74449814-B2A1-41FB-890C-60CF2FD0DA96}" = FarStone Total Recovery 7 Pro

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011

"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

"{8F094FCD-3085-4145-9D30-F7808995AFAC}_is1" = Save Video plugin for IE (ver. 4)

"{8F5C2A7E-DE9E-4642-AD0F-E29FE903422A}" = Autodesk DWF Writer 4.0

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack

"{901E040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 French User Interface Pack

"{901E0410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Italian User Interface Pack

"{901E0413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Dutch User Interface Pack

"{901E0C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Spanish User Interface Pack

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9DA3DCA9-42C4-48F3-AD00-8C0692FE756B}" = PathExtention

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader

"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13

"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service

"43442AE9-6512-4392-B5DD-9167BECD1114_is1" = Infix 4.08

"7-Zip" = 7-Zip 4.65

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Autodesk Design Review 2011" = Autodesk Design Review 2011

"CCleaner" = CCleaner

"CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only)

"CrazyLoader" = CrazyLoader

"DWG TrueView 2010" = DWG TrueView 2010

"ESET Online Scanner" = ESET Online Scanner v3

"FileASSASSIN" = FileASSASSIN

"GIF Animator" = Microsoft GIF Animator

"Greatis Reanimator_is1" = RegRun Reanimator

"HDMI" = Intel® Graphics Media Accelerator Driver

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Internet Download Manager" = Internet Download Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OCS Inventory Agent" = OCS Inventory Agent 4.0.3.2

"PC Fix 2010_is1" = PCFix

"PDFZilla_is1" = PDFZilla V1.2.9

"Restorer Ultimate_is1" = Restorer Ultimate 6.0

"Update Service" = Sony Ericsson Update Service

"Utherverse 3D Client" = Utherverse 3D Client

"VLC media player" = VLC media player 1.1.4

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Player" = Windows Media Player 11

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{22622180-65A2-11DB-6784-00953B2F18BE}" = LoveChess Age Of Egypt Demo

"{7EACD785-823D-4D1B-9A5E-85FACAF5DFB3}_is1" = Oxin's Style! 3D Sexvilla 2.055.001

"{A44BD8D0-DA93-11DE-6784-016F7F2518BE}" = LoveChess The Greek Era (Free)

"AIDA32_is1" = AIDA32 v3.93

"Google Chrome" = Google Chrome

"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional

 

========== Last 10 Event Log Errors ==========

 

Error: Unable to start EventLog service!

 

< End of report >

[bernard53]

je mets ma procédure en place et te donne de mes nouvelles au plus tôt.

Pas d'inquiétude je ne t'oublies pas.