[Résolu] PC portable infecté

Fabi41 · le 18 novembre 2010

Je suis en mode sans échec et donc pas d'alertes avec ce mode.

Je passe en mode normal et t'informe du comportement de mon pc portable.

très bien supprimes les deux fichiers zip que tu viens de faire

c:\windows\system32\userinitmgr.zip

c:\windows\Explorermgr.zip

dis moi si ton pc va mieux cette fois.

Bien sur si tu as une alerte note bien l'adresse de détection car possible qu'elle soit dans la backup de combofix.

Fabi41 · le 18 novembre 2010

J'ai toujours ces mêmes alertes :

wmplayer.exe et setup_wm.exe dans le répertoire c:\Program Files\Windows Media Player détecté W32/NGVCK

????

Je suis en mode sans échec et donc pas d'alertes avec ce mode.

Je passe en mode normal et t'informe du comportement de mon pc portable.

Fabi41 · le 18 novembre 2010

de plus en mode normal, OTL est systhématiquement supprimé par mon antivirus ???

bernard53 · le 18 novembre 2010

de plus en mode normal, OTL est systhématiquement supprimé par mon antivirus ???

deux choses alors.

1-supprimes carrement ce dossier. c:\Program Files\Windows Media Player

tu pourras tout simplement refaire un nouveau téléchargent après quand tout sera plus clean.

Attention commence la suppression avant par ajout suppression de programmes.

ensuite supprimes OTL puis nouveau téléchargemnt de OTL .

* Télécharge >> OTL <<sur ton bureau.

si ton anivirus le supprimes, tu le désactives juste le temps du passage de OTL.

Fabi41 · le 18 novembre 2010

voici le nouveau rapport otl en mode normal

OTL logfile created on: 11/18/2010 10:24:20 PM - Run 4

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\AdmTmp\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 36.00 Gb Total Space | 21.41 Gb Free Space | 59.47% Space Free | Partition Type: NTFS

Drive D: | 38.41 Gb Total Space | 23.65 Gb Free Space | 61.57% Space Free | Partition Type: NTFS

Drive E: | 77.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NBUR329 | User Name: AdmTmp | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\AdmTmp\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\SpyNoMore\SNM.exe (Illysoft LLC)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)

PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

PRC - C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)

PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\AdmTmp\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\igfxdo.dll (Intel Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe File not found

SRV - (Tran_Process_Proc) -- C:\Program Files\FarStone Total Recovery Pro\Client\DCNTranProc.exe File not found

SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found

SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe File not found

SRV - (OCS INVENTORY) -- C:\Program Files\OCS Inventory Agent\ocsservice.exe File not found

SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe File not found

SRV - (FBAgent) -- C:\Program Files\FarStone Total Recovery Pro\Client\Efb\FBPAgent.exe File not found

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll ()

SRV - (DCScheduler) -- C:\Program Files\FarStone Total Recovery Pro\Client\CBP\DCSchdlerSRVC.exe ()

SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)

SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)

SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)

SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (SAVOnAccessFilter) -- C:\WINDOWS\System32\DRIVERS\savonaccessfilter.sys File not found

DRV - (SAVOnAccessControl) -- C:\WINDOWS\System32\DRIVERS\savonaccesscontrol.sys File not found

DRV - (DVDRC) -- C:\WINDOWS\System32\drivers\DVDRC.sys File not found

DRV - (catchme) -- C:\DOCUME~1\AdmTmp\LOCALS~1\Temp\catchme.sys File not found

DRV - (RegGuard) -- C:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)

DRV - (Partizan) -- C:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software)

DRV - (FARMNTIO) -- C:\WINDOWS\system32\drivers\FarMntIo.sys ()

DRV - (dcsnap) -- C:\WINDOWS\System32\drivers\dcsnap.sys ()

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)

DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)

DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)

DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files\CrazyLoader\spointer\extensions\crazyloader@spointer.com [2010/09/10 15:48:13 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/11/18 21:31:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - No CLSID value found.

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe (Illysoft LLC)

O4 - HKLM..\RunOnce: [WMC_0] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe (CamfrogWEB Advanced Unicode Control)

O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx (TenebrilSpywareScanner Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277811945671 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = we.ad-root.biz

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\Program Files\Microsoft\WaterMark.exe ()

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/04/14 22:55:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/11/17 10:04:14 | 000,000,052 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2010/11/17 10:04:13 | 000,000,071 | R--- | M] () - E:\AUTORUN_USB.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/18 22:23:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AdmTmp\Desktop\OTL.exe

[2010/11/18 22:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\SpyNoMore

[2010/11/18 21:47:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/11/18 21:33:40 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\explorermgr.exe

[2010/11/18 21:32:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/11/18 20:47:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\AdmTmp\Recent

[2010/11/18 20:23:53 | 000,000,000 | ---D | C] -- C:\Kill'em

[2010/11/18 20:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\List_Kill'em

[2010/11/18 20:19:46 | 003,285,305 | ---- | C] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe

[2010/11/18 19:48:39 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/11/18 11:23:08 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/11/18 11:20:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/11/18 11:20:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/11/18 11:20:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/11/18 11:20:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/11/18 11:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/11/18 11:18:03 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/16 22:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\AVERT

[2010/11/16 21:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!

[2010/11/16 14:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Malwarebytes

[2010/11/16 14:27:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/16 14:27:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/16 14:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/16 14:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/16 14:19:49 | 000,000,000 | ---D | C] -- C:\ToolBar SD

[2010/11/16 13:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/11/16 13:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/11/16 11:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Help

[2010/11/16 11:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Help

[2010/11/16 08:54:15 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys

[2010/11/16 08:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RegRunInfo

[2010/11/16 08:41:30 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe

[2010/11/16 08:41:30 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys

[2010/11/16 08:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\RegRun2

[2010/11/16 08:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis

[2010/11/12 14:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/11/12 14:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\PCFix

[2010/11/12 12:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2010/11/12 10:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8

[2010/11/11 21:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/11/08 21:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ActPrint

[2010/11/08 20:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995

[2010/11/08 20:54:52 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll

[2010/11/08 20:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995

[2010/11/08 15:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\IVCsoft

[2010/11/07 20:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Downloads

[2010/11/07 20:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\DMCache

[2010/11/03 18:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Iceni

[2010/11/03 18:15:43 | 002,519,040 | ---- | C] (DynaForms GmbH) -- C:\WINDOWS\System32\CPDF.dll

[2010/11/03 18:15:15 | 000,878,080 | ---- | C] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrintDisp.exe

[2010/11/03 18:15:15 | 000,077,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrintCtrl.exe

[2010/11/03 18:15:10 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\All Users\Application Data\Temp

[2010/11/03 18:15:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll

[2010/11/03 18:15:08 | 001,165,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrtClient.exe

[2010/11/03 18:15:08 | 000,822,784 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetupDrv.exe

[2010/11/03 18:15:08 | 000,702,976 | ---- | C] (ActMask - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrtTools.exe

[2010/11/03 18:15:08 | 000,375,296 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetPrinter.exe

[2010/11/03 18:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Infix PDF

[2010/11/03 18:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aspell

[2010/11/03 18:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Iceni

[2010/11/03 18:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Iceni

[2010/11/03 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Iceni

[2010/11/03 18:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Aspell

[2010/11/02 18:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX

[2010/11/02 17:57:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys

[2010/10/29 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fscltdcn

[2010/10/29 11:41:37 | 000,334,336 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\bcdedit.exe

[2010/10/29 11:41:37 | 000,000,000 | ---D | C] -- C:\boot

[2010/10/29 11:41:34 | 000,000,000 | ---D | C] -- C:\Sources

[2010/10/29 11:41:24 | 000,000,000 | ---D | C] -- C:\RITSoftwareProvider

[2010/10/29 11:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Farstone

[2010/10/29 11:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\FarStone Total Recovery Pro

[2010/10/27 13:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/10/27 13:32:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/10/27 13:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/10/27 13:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/10/27 13:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\U3

[2010/10/27 12:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\vlc

[2010/10/27 12:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\HP

[2010/10/27 12:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Programs

[2010/10/27 12:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Adobe

[2010/10/27 10:31:12 | 000,000,000 | ---D | C] -- C:\PDFZilla

[2010/10/27 09:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2010/10/27 09:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Macromedia

[2010/10/27 09:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Adobe

[2010/10/27 09:51:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AdmTmp\PrivacIE

[2010/10/27 09:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\crazyloader Air

[2010/10/27 09:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony

[2010/10/27 09:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Podcasts

[2010/10/27 09:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Media Go

[2010/10/27 09:38:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Videos

[2010/10/27 09:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared

[2010/10/27 09:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Downloaded Installations

[2010/10/27 09:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation

[2010/10/27 09:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sony

[2010/10/27 09:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sun

[2010/10/27 09:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2010/10/27 09:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/10/27 09:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2010/10/27 09:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple

[2010/10/27 09:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2010/10/27 09:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2010/10/27 09:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple Computer

[2010/10/27 09:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sony

[2010/10/27 09:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony Ericsson

[2010/10/27 09:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

[2010/10/27 09:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Roxio

[2010/10/27 09:31:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AdmTmp\IETldCache

[2010/10/27 08:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 22:31:15 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat

[2010/11/18 22:30:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job

[2010/11/18 22:24:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AdmTmp\Desktop\OTL.exe

[2010/11/18 22:09:53 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys

[2010/11/18 22:09:45 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\SpyNoMore.lnk

[2010/11/18 22:01:04 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999UA.job

[2010/11/18 21:56:18 | 000,462,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/18 21:56:18 | 000,078,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/18 21:53:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/18 21:50:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/18 21:33:40 | 000,061,952 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\explorermgr.exe

[2010/11/18 21:31:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/11/18 20:23:52 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk

[2010/11/18 20:19:57 | 003,285,305 | ---- | M] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe

[2010/11/18 19:42:48 | 003,911,434 | R--- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe

[2010/11/18 11:23:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/11/18 07:44:27 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job

[2010/11/16 21:18:58 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk

[2010/11/16 21:01:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999Core.job

[2010/11/16 14:27:06 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/16 13:50:22 | 000,343,020 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe

[2010/11/16 13:34:11 | 000,006,385 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010/11/16 13:13:49 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/16 13:13:49 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk

[2010/11/16 12:13:03 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache

[2010/11/16 11:45:39 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys

[2010/11/16 09:32:19 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk

[2010/11/16 08:41:30 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe

[2010/11/16 08:41:30 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys

[2010/11/16 08:40:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/11/16 08:40:53 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT

[2010/11/08 21:17:49 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk

[2010/11/08 21:17:48 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Infix PDF Editor.lnk

[2010/11/08 21:13:41 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/08 20:54:52 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll

[2010/11/08 20:54:52 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll

[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

[2010/10/29 12:08:27 | 000,000,529 | RHS- | M] () -- C:\WINDOWS\System32\VFsRegister

[2010/10/29 11:53:04 | 000,014,848 | -H-- | M] () -- C:\logicinf.bin

[2010/10/29 11:53:04 | 000,001,024 | -H-- | M] () -- C:\diskfile1

[2010/10/29 11:52:44 | 000,000,157 | ---- | M] () -- C:\win32log.ini

[2010/10/29 11:43:49 | 000,261,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/29 11:41:39 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FarStone Total Recovery 7 Pro.lnk

[2010/10/29 11:41:19 | 004,194,304 | RH-- | M] () -- C:\spc_kern

[2010/10/29 11:41:19 | 000,000,000 | RH-- | M] () -- C:\tasks.ini

[2010/10/27 13:16:37 | 000,089,716 | ---- | M] () -- C:\WINDOWS\hpoins06.dat

[2010/10/27 10:04:16 | 037,065,048 | ---- | M] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe

[2010/10/27 09:37:00 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk

[2010/10/27 09:37:00 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 09:36:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/10/27 09:31:44 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/27 08:33:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/18 22:09:53 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys

[2010/11/18 22:09:45 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\SpyNoMore.lnk

[2010/11/18 21:33:40 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat

[2010/11/18 20:23:52 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk

[2010/11/18 19:38:48 | 003,911,434 | R--- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe

[2010/11/18 11:23:15 | 000,000,210 | ---- | C] () -- C:\Boot.bak

[2010/11/18 11:23:11 | 000,261,936 | RHS- | C] () -- C:\cmldr

[2010/11/18 11:20:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/11/18 11:20:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/11/18 11:20:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/11/18 11:20:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/11/18 11:20:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/11/16 21:18:58 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk

[2010/11/16 14:27:06 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/16 14:19:47 | 000,343,020 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe

[2010/11/16 13:13:49 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/16 13:13:49 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk

[2010/11/16 12:13:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache

[2010/11/16 08:40:48 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk

[2010/11/08 20:54:52 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2010/11/03 18:15:43 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll

[2010/11/03 18:15:09 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\PrtPass.exe

[2010/11/03 18:15:08 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe

[2010/11/03 18:15:08 | 000,097,016 | ---- | C] () -- C:\WINDOWS\System32\Cancel.wav

[2010/11/03 18:15:08 | 000,010,398 | ---- | C] () -- C:\WINDOWS\System32\START.WAV

[2010/11/03 18:15:08 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\FINISH.WAV

[2010/11/03 18:15:06 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk

[2010/11/03 18:15:06 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Infix PDF Editor.lnk

[2010/10/29 11:53:04 | 000,001,024 | -H-- | C] () -- C:\diskfile1

[2010/10/29 11:52:44 | 000,000,157 | ---- | C] () -- C:\win32log.ini

[2010/10/29 11:41:39 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FarStone Total Recovery 7 Pro.lnk

[2010/10/29 11:41:37 | 000,438,840 | R--- | C] () -- C:\PEMGR

[2010/10/29 11:41:19 | 000,014,848 | -H-- | C] () -- C:\logicinf.bin

[2010/10/29 11:41:19 | 000,000,000 | RH-- | C] () -- C:\tasks.ini

[2010/10/29 11:41:16 | 000,086,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys

[2010/10/29 11:41:15 | 004,194,304 | RH-- | C] () -- C:\spc_kern

[2010/10/29 11:41:15 | 003,145,728 | RH-- | C] () -- C:\spc_init

[2010/10/29 11:41:15 | 000,030,972 | ---- | C] () -- C:\FARSBOOT.BIO

[2010/10/29 11:41:15 | 000,000,512 | ---- | C] () -- C:\FARSBOOT.BIN

[2010/10/29 11:41:15 | 000,000,388 | ---- | C] () -- C:\DCMBRBIN

[2010/10/29 11:40:28 | 000,000,529 | RHS- | C] () -- C:\WINDOWS\System32\VFsRegister

[2010/10/29 11:39:58 | 000,020,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\FarMntIo.sys

[2010/10/27 13:16:16 | 000,089,716 | ---- | C] () -- C:\WINDOWS\hpoins06.dat

[2010/10/27 13:16:15 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat

[2010/10/27 12:51:12 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/27 10:03:48 | 037,065,048 | ---- | C] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe

[2010/10/27 09:37:00 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk

[2010/10/27 09:37:00 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2010/10/27 09:36:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/09/20 13:30:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\SpotAuditor.INI

[2010/09/01 15:32:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2010/08/27 13:05:27 | 000,007,482 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2010/06/29 13:25:22 | 000,589,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/06/11 13:22:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\DWFPORTMON3.DLL.del

[2010/06/11 12:47:46 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL

[2010/06/11 12:47:45 | 000,006,385 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/06/11 12:36:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll

[2010/05/12 11:54:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/04/14 15:45:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008/04/14 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2008/04/14 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2008/04/14 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2008/04/14 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2008/04/14 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2007/09/27 18:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 18:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 18:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/07/03 20:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll

[2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

[2001/07/06 14:30:00 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2000/01/07 01:00:00 | 000,022,224 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv

< End of report >

bernard53 · le 19 novembre 2010

OK fait ceci.

* Fait un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case " Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:OTL

SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe File not found

DRV - (SAVOnAccessFilter) -- C:\WINDOWS\System32\DRIVERS\savonaccessfilter.sys File not found

DRV - (SAVOnAccessControl) -- C:\WINDOWS\System32\DRIVERS\savonaccesscontrol.sys File not found

DRV - (DVDRC) -- C:\WINDOWS\System32\drivers\DVDRC.sys File not found

DRV - (catchme) -- C:\DOCUME~1\AdmTmp\LOCALS~1\Temp\catchme.sys File not found

O3 - HKLM\..\Toolbar: (no name) - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - No CLSID value found.

[2010/11/18 21:33:40 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\explorermgr.exe

[2010/11/18 21:33:40 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"UserInit"="C:\WINDOWS\system32\userinit.exe,"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

"AppInit_DLLs"=""

:Files

C:\WINDOWS\explorermgr.exe

C:\WINDOWS\System32\dmlconf.dat

:Commands

[emptytemp]

* Cliques sur l'icône Correction (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un rapport s'ouvrir "OTL.Txt"

* Copie et colle le ou les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Mets le rapport ici car il prend bien de la place.

Cijoint.fr - Service gratuit de dépôt de fichiers

Redémarre le pc.

si tu as encore un soucis après cela je vais demander un autre avis a d'autres experts.

Fabi41 · le 19 novembre 2010

Bonjour,

je pense qu'il va falloir faire appel à l'équipe.

Virusscan détecte toujours ce w32/NGVCK sur les fichiers jqsmgr.exe ; iexplorermgr.exe et AcroRd32mgr.exe

tiens tiens que des fichiers *mgr.exe dont certains sont cachés.

OK fait ceci.

* Fait un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case " Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

* Cliques sur l'icône Correction (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un rapport s'ouvrir "OTL.Txt"

* Copie et colle le ou les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Mets le rapport ici car il prend bien de la place.

Cijoint.fr - Service gratuit de dépôt de fichiers

Redémarre le pc.

si tu as encore un soucis après cela je vais demander un autre avis a d'autres experts.

bernard53 · le 19 novembre 2010

tu as bien fait la manip quand même.

Cette infection Ramnit est une vrai galère.

Je demande un coup de main.

Fabi41 · le 19 novembre 2010

je cherche aussi de mon coté.

Si cela peut aider le fichier watermark.exe m'inquiète beaucoup de plus il m'est impossible d ele supprimer (même avec unlocker)

tu as bien fait la manip quand même.

Cette infection Ramnit est une vrai galère.

Je demande un coup de main.

bernard53 · le 19 novembre 2010

A part cette autre possibilité avec le live CD de Dr.Web

Deux antivirus en live cd : Sécurité, firewall / Antivirus

Je crains que le formatage va devenir de rigueur.

attends encore un peu mais prépare cette éventualité.

Connexion

Pas encore inscrit ?

[Résolu] PC portable infecté

Messages recommandés

Fabi41

Fabi41

Fabi41

bernard53

Fabi41

bernard53

Fabi41

bernard53

Fabi41

bernard53

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer