forallbueaty

Members
  • Content Count

    44

About forallbueaty

  • Rank
    Member
  • Birthday 12/01/1960

Profile Information

  • Gender
    Male
  • Location
    lanaudière
  • Interests
    books, music, gaming,
    mohaa, BF2, BF3, CoDBO

Previous Fields

  • System Specifications:
    Système d’exploitation Microsoft Windows 7 Édition Intégrale Version 6.1.7601 Service Pack 1 Build 7601 Éditeur Microsoft Corporation Type PC à base de x64 Processeur AMD Athlon™ 64 X2 Dual Core Processor 3800+, 2009 MHz, 2 cœur(s), 2 processeur(s) logique(s) Version du BIOS/Date American Megatrends Inc. 0301, 2006-08-21 Version SMBIOS 2.3 Répertoire Windows C:\Windows Répertoire système C:\Windows\system32 Périphérique de démarrage \Device\HarddiskVolume1 Option régionale Couche d’abstraction matérielle Version = "6.1.7601.17514" Utilisateur -----\---- Fuseaux horaires Est (heure d’été) Mémoire physique (RAM) installée 5,00 Go Mémoire physique totale 5,00 Go Mémoire physique disponible 3,71 Go Mémoire virtuelle totale 5,25 Go Mémoire virtuelle disponible 3,75 Go Espace pour le fichier d’échange 256 Mo Fichier d’échange C:\pagefile.sys lecteur C:148Go using 108, 40,3 free lecteur F:288Go using 103, 185 free
  • Teams:
    Nothing Selected
  1. This time I'm running a Windows Defender full scan; elapsed time 25:50
  2. Hi, this is my son's tablet. Disk C says that the 136 GB are at fullest. I can't see no program installed. Erased some cache using Windows Defender; clean disk doesn't do much. Tried to install AVG antivirus but get an error message saying something like download has stopped, old saves are unfound. PC is in French, plz be patient. At the moment I'm trying to copy paste key root???? Internet is working fine. Thanks to all in advance. What files do you guys\gals need? How do I make room on disk 😄 and how much is 136 GB not 136 Go? Système d’exploitation Microsoft Windows 7 Édition Intégrale Version 6.1.7601 Service Pack 1 Build 7601 Informations supplémentaires Non disponible Éditeur Microsoft Corporation Ordinateur IBADET-PC Fabricant Dell Inc. Modèle Inspiron 1525 Type PC à base de x64 Processeur Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz, 1867 MHz, 2 cœur(s), 2 processeur(s) logique(s) Version du BIOS/Date Dell Inc. A13, 6/27/2008 Version SMBIOS 2.4 Répertoire Windows C:\Windows Répertoire système C:\Windows\system32 Périphérique de démarrage \Device\HarddiskVolume3 Option régionale United States Couche d’abstraction matérielle Version = "6.1.7601.17514" Utilisateur ibadet-PC\ibadet Fuseaux horaires Est Mémoire physique (RAM) installée 4.00 Go Mémoire physique totale 3.99 Go Mémoire physique disponible 2.46 Go Mémoire virtuelle totale 7.98 Go Mémoire virtuelle disponible 6.39 Go Espace pour le fichier d’échange 3.99 Go Fichier d’échange D:\pagefile.sys fab p-s: disk E: has 5 Go available
  3. Thanks to all. Sometimes you have to read it to remember what you already know. I really appreciate you guys taking time to answer this. I think the print screen I used in the past was in my gaming program (mohaa) and then in the default folder of that program, but again I really appreciate to read all the answers you gave me and links. Thank you very much
  4. Hello everyone, I'm using a laptop Lenovo L 512, Win 7 Professional. On my keyboard there is a Function key and multi keys with the matching colour, so to use that function key my F keys stop at F12. On the insert key there is a Im Éc printed; I think it means print screen. So? Simple question: do you know where the print screen usually stores the printed screens I did??? Also I'm using Firefox; is there any other way to print my screen whenever I want? Thank you
  5. Hey tomk, thank you. I think everything is in order now. I checked and yes, the last restore point was made by ComboFix in the restore of config panel. Is there a way to save this restore point, say for a long period of time? f
  6. Hey tomk, don't go, I was looking forward to these little chats. I'll be frank with you: to this date I'm not totally sure you are a legit part of Pcpitstop (probably because I don't know what WTT teacher is nor what the Trusted Malware Techs are? I'm guessing groups under this forum), but the download this and download that kept me scared, lol. I finally succeeded in finding how to get the run button in my start menu. The guy that installed my PC did it in French against my will, so by default Windows sets everything in French; moving from French to English and back to French is sometimes diff. I understand every instruction you gave in your last post but I'm wondering why you uninstall all the programs you installed. Couldn't I keep them? I probably downloaded them in my downloads file anyway. And what about those I mentioned in my earlier posts (CCleaner, Malwarebytes, etc.), will it ask me to erase them as well? Thank you for all you've done to the PC. I'll make sure to read the info you gave. I have one question: I saw ComboFix did a restore point and I see you're saying it will use it. I'm wondering, is the restore point I used and talked about in my beginning post still good? Thank you very much fv
  7. here you go thanks for everything again tomk was pretty sure i send you this yesterday seems not have a good day f
  8. Hey tomk, how strange, I just received the Windows renewing of contract e-mail for the services ?) I started the FSS. I don't have an "Include All Files" option. I have 8 checkboxes, 2 first are already checked: RpcSs and Plugplay, Internet Services, Windows Firewall, System Restore, Security Center/Action Center, Windows Update, Windows Defender, Other Services, and there is a board to Search: then 3 buttons: Scan, Search Files, Export Service
  9. system failure trying to restore system successfully restored wow this one had me running for a sec. when i tried to reopen iexplorer i had a message that my dll wasnt good did iwant to erase that i said no and restart the pc so here i am ... and this is the combomix log:
  10. Hey Tomk, how are you? I downloaded ComboFix again directly to the desktop; it's the 1st time that I do that. Do you have many applications on your PC installed on the desktop?? lol. Got a window though saying SmartScreen has detected ComboFix and thinks it could harm your PC. I understand ComboFix can't run when my AVG is running but it's scary. Is SmartScreen a part of AVG? What do you think? f
  11. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. was wondering, didn't have my combofix on my desktop so i found combofix somewhere and dragged a shortcut to my desktop. will it work the same? probably the same, yes?
  12. hey Tomk, how are you today? i checked Kantaris, it's a media player, don't know where it comes from, maybe i use it when i look at movies on the net. i try to store my things in F: so i have more place to run the programs. hope i didn't scrap my F: here's the ESETSCAN.txt you asked for
      C:Program Files (x86)AvanquestFix-ItW32Int13.dll a variant of Win32/Kryptik.FNT trojan
      C:Program Files (x86)PC Speed MaximizerPCSpeedMaximizer.exe a variant of Win32/SpeedingUpMyPC application
      C:UsersPapaDownloadsnouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application
      C:UsersPapaDownloadsnouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application
      C:UsersPapaVideosAutoCAD LT 2009 x64AutoCAD LT 2009Keygen.exe a variant of Win32/Keygen.BT application
      F:alain_driversKantaris_0.7.7_setup.exe Win32/OpenCandy application
      F:alain_driverswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application
      F:mesvieuyxnouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application
      F:mesvieuyxnouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application
      F:musiquenouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application
      F:musiquenouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application
  13. hi tomk, i won't erase utorrent, i knew the risks, but i won't start it til' you tell me that my pc is clean. you didn't say if you were to restore my registry. you said malware; i have run malwarebytes without finding. if you find some plz tell it to me so i'm up to date. are you going to use hijackthis or not after combo? and why? i appreciated your help, thank you. f here the combofix log, hope everything is at your liking
  14. i ran the hijackthis.exe with administrator rights and obtained this:
C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe O23 - Service: @%SystemRoot%system32wiaservc.dll,-9 (stisvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32swprv.dll,-103 (swprv) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32tbssvc.dll,-100 (TBS) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32termsrv.dll,-268 (TermService) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32themeservice.dll,-8192 (Themes) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32mmcss.dll,-102 (THREADORDER) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32trkwks.dll,-1 (TrkWks) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%servicingTrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:WindowsservicingTrustedInstaller.exe O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%system32umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32upnphost.dll,-213 (upnphost) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing) O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing) O23 - Service: 
@%SystemRoot%system32w32time.dll,-200 (W32Time) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing) O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing) O23 - Service: @%systemroot%system32wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32webclnt.dll,-100 (WebClient) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32wersvc.dll,-100 (WerSvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%Systemroot%system32wbemwmisvc.dll,-205 (Winmgmt) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows 
Media Playerwmpnetwk.exe (file missing) O23 - Service: @%SystemRoot%system32wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:Windowssystem32SearchIndexer.exe O23 - Service: @%systemroot%system32wuaueng.dll,-105 (wuauserv) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:Windowssystem32svchost.exe -- End of file - 21711 bytes
  15. as instructed those are the dds log and the attach.txt thanks . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by Papa at 22:47:39 on 2012-09-10 Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3775 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:PROGRA~2AVGAVG2012avgrsa.exe C:Program Files (x86)AVGAVG2012avgcsrva.exe C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32svchost.exe -k RPCSS C:Windowssystem32atiesrxx.exe C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32atieclxx.exe C:Windowssystem32svchost.exe -k NetworkService C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe C:Program Files (x86)AVGAVG2012avgwdsvc.exe C:WindowsSystem32svchost.exe -k LocalServiceNoNetwork C:PROGRA~2AVANQU~1Fix-ItMxTask.exe C:Windowssystem32taskhost.exe C:WindowsExplorer.EXE C:Program FilesMicrosoft LifeCamMSCamS64.exe C:PROGRA~2AVANQU~1Fix-Itmxtask2.exe C:WindowsSysWOW64PnkBstrA.exe C:Windowssystem32svchost.exe -k imgsvc C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe C:WindowsvVX3000.exe C:WindowsSystem32rundll32.exe C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe C:Program Files (x86)AVGAVG2012avgtray.exe C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe C:Program Files (x86)Winampwinampa.exe 
C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe C:Program Files (x86)Common FilesJavaJava Updatejusched.exe C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe C:Program Files (x86)AVGAVG2012avgnsa.exe C:Program Files (x86)AVGAVG2012avgemca.exe C:Windowssystem32SearchIndexer.exe C:Program FilesWindows Media Playerwmpnetwk.exe C:Program Files (x86)Windows LiveMessengermsnmsgr.exe C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe C:Program Files (x86)AVGAVG2012avgui.exe C:Program Files (x86)Internet Exploreriexplore.exe C:Program Files (x86)Internet Exploreriexplore.exe C:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe C:Program Files (x86)Windows LiveContactswlcomm.exe C:UsersPapaDownloadsHijackThis.exe C:Windowssystem32SearchProtocolHost.exe C:Windowssystem32SearchFilterHost.exe C:Windowssystem32DllHost.exe C:Windowssystem32DllHost.exe C:WindowsSysWOW64cmd.exe C:Windowssystem32conhost.exe C:WindowsSysWOW64cscript.exe C:Windowssystem32wbemwmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.ca/ig mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:Program Files (x86)AVGAVG2012avgdtiex.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:Program Files (x86)AVGAVG2012avgssie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - C:Program Files (x86)CrossriderWebAppsCrossrider.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll uRun: [Facebook Update] "C:UsersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" /c /nocrashserver uRun: [rlneug] "C:WindowsSystem32rundll32.exe" "C:UsersPapaAppDataRoamingrlneug.dll",set_sPLT mRun: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe" mRun: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe" mRun: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe" mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml mRun: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe" mRun: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe" mPolicies-explorer: 
NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:Program Files (x86)AVGAVG2012avgdtiex.dll DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces{185D1B80-94AD-44E6-B843-6228F67257D8} : DhcpNameServer = 192.168.2.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} {9030D464-4C02-4ABF-8ECC-5164760863C6} {A876E312-7D08-401a-B7A6-FAFC5DC2F292} {DBC80044-A445-435b-BC74-9C25C1C588A9} mRun-x64: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe" mRun-x64: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe" mRun-x64: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe" mRun-x64: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml mRun-x64: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe" mRun-x64: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun mRun-x64: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe" . 
============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:Windowssystem32DRIVERSavgidsha.sys --> C:Windowssystem32DRIVERSavgidsha.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:Windowssystem32DRIVERSavgrkx64.sys --> C:Windowssystem32DRIVERSavgrkx64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:Windowssystem32DRIVERSavgldx64.sys --> C:Windowssystem32DRIVERSavgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:Windowssystem32DRIVERSavgmfx64.sys --> C:Windowssystem32DRIVERSavgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:Windowssystem32DRIVERSavgtdia.sys --> C:Windowssystem32DRIVERSavgtdia.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:Windowssystem32atiesrxx.exe --> C:Windowssystem32atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe [2012-6-11 361984] R2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe [2012-5-9 328704] R2 AVGIDSAgent;AVGIDSAgent;C:Program Files (x86)AVGAVG2012avgidsagent.exe [2012-8-13 5167736] R2 avgwd;AVG WatchDog;C:Program Files (x86)AVGAVG2012avgwdsvc.exe [2012-2-14 193288] R2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;C:PROGRA~2AVANQU~1Fix-ItMxTask.exe -Service --> C:PROGRA~2AVANQU~1Fix-ItMxTask.exe -Service [?] R3 amdiox64;AMD IO Driver;C:Windowssystem32DRIVERSamdiox64.sys --> C:Windowssystem32DRIVERSamdiox64.sys [?] R3 amdkmdag;amdkmdag;C:Windowssystem32DRIVERSatikmdag.sys --> C:Windowssystem32DRIVERSatikmdag.sys [?] R3 amdkmdap;amdkmdap;C:Windowssystem32DRIVERSatikmpag.sys --> C:Windowssystem32DRIVERSatikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:Windowssystem32driversAtihdW76.sys --> C:Windowssystem32driversAtihdW76.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:Windowssystem32DRIVERSavgidsdrivera.sys --> C:Windowssystem32DRIVERSavgidsdrivera.sys [?] 
R3 AVGIDSFilter;AVGIDSFilter;C:Windowssystem32DRIVERSavgidsfiltera.sys --> C:Windowssystem32DRIVERSavgidsfiltera.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2012-7-3 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-4-3 250568] S3 driverhardwarev2x64;driverhardwarev2x64;C:Program Filesma-config.comDriversdriverhardwarev2x64.sys [2011-7-21 16640] S3 maconfservice;Ma-Config Service;C:Program Filesma-config.comx64maconfservice.exe [2011-11-25 427640] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:Windowssystem32driversrdpvideominiport.sys --> C:Windowssystem32driversrdpvideominiport.sys [?] S3 TsUsbFlt;TsUsbFlt;C:Windowssystem32driverstsusbflt.sys --> C:Windowssystem32driverstsusbflt.sys [?] S3 WatAdminSvc;Service Windows Activation Technologies;C:Windowssystem32WatWatAdminSvc.exe --> C:Windowssystem32WatWatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2012-09-10 20:18:00 -------- d-----w- C:UsersPapaAppDataLocal{85E30EAB-4B4D-455A-860C-DF5152305EAA} 2012-09-10 18:28:14 -------- d-----w- C:UsersPapaAppDataLocal{4C3F087A-0EED-4C7E-8883-736C0C3297A2} 2012-09-10 01:59:07 -------- d-----w- C:UsersPapaAppDataLocal{DC69328E-E9A8-4F8F-927E-53CDF73A4653} 2012-09-09 01:58:28 -------- d-----w- C:UsersPapaAppDataLocal{4942C072-CEDD-4134-9FED-70175DB7E13F} 2012-09-08 13:58:03 -------- d-----w- C:UsersPapaAppDataLocal{4526F9E7-3A7C-4775-B894-1971604D56FB} 2012-09-08 01:57:38 -------- d-----w- C:UsersPapaAppDataLocal{ACF2F96A-751D-4F58-9D2E-8927911835B9} 2012-09-07 13:57:13 -------- d-----w- C:UsersPapaAppDataLocal{253B3B36-43FB-4392-A361-BF66F24C7B26} 2012-09-07 01:56:48 -------- d-----w- C:UsersPapaAppDataLocal{E88D8004-A655-4C2A-8D8F-31B4E66F1C6C} 2012-09-06 13:34:46 -------- d-----w- C:UsersPapaAppDataLocal{765699B6-41A4-47F9-80C1-BE1B1A2A8877} 2012-09-06 01:34:21 -------- d-----w- C:UsersPapaAppDataLocal{035F0375-112A-4927-B66E-7BDDC38FA4F3} 2012-09-05 01:27:43 -------- d-----w- C:UsersPapaAppDataLocal{FEAD323C-30F7-4705-B294-011939FCD00B} 2012-09-04 13:27:19 -------- d-----w- C:UsersPapaAppDataLocal{EE42C8D2-4A60-4118-B1BA-270144B06B6F} 2012-09-04 01:26:49 -------- d-----w- C:UsersPapaAppDataLocal{64B4AA6F-DE94-423B-AA3E-18D854D0B1BE} 2012-09-04 01:17:15 -------- d-----w- C:UsersPapaMes fichiers reçus 2012-09-02 00:56:31 -------- d-----w- C:UsersPapaAppDataLocal{C491865C-8626-4756-AA15-94FD0613E713} 2012-09-01 12:56:06 -------- d-----w- C:UsersPapaAppDataLocal{B879FBCC-A8CB-4599-A268-2212BBBEE339} 2012-09-01 00:55:36 -------- d-----w- C:UsersPapaAppDataLocal{4CA9856D-2009-4C70-B2AB-FBD0B9FF116E} 2012-08-31 10:27:11 -------- d-----w- C:UsersPapaAppDataLocal{E0177A7B-B254-4BFA-8F3A-F6598948113C} 2012-08-29 04:33:47 -------- d-----w- C:UsersPapaAppDataLocal{242CE880-66EF-4F46-88B1-318C52A0A75A} 2012-08-28 16:33:22 -------- d-----w- C:UsersPapaAppDataLocal{273B0523-A4D7-4067-9F5C-692A3C09947D} 2012-08-28 01:46:12 -------- 
d-----w- C:UsersPapaAppDataLocal{B8E8BD13-FEFF-46FC-A3D9-A29F5612F39A} 2012-08-26 22:12:26 -------- d-----w- C:UsersPapaAppDataLocal{2B401CBB-2656-40ED-9C03-97B3397A56C1} 2012-08-25 01:41:27 -------- d-----w- C:UsersPapaAppDataLocal{912EC5FB-DC4C-417E-A8A6-A16664F04707} 2012-08-24 19:43:16 384352 ----a-w- C:WindowsSystem32driversavgtdia.sys 2012-08-24 13:41:02 -------- d-----w- C:UsersPapaAppDataLocal{C317BD23-A3CF-4408-A4B7-CF6E739D3FE2} 2012-08-24 01:40:37 -------- d-----w- C:UsersPapaAppDataLocal{775980D0-DF37-4A9E-8AA3-35CC7B860362} 2012-08-23 12:40:46 -------- d-----w- C:UsersPapaAppDataLocal{D083C19B-467C-43CD-BCC8-FBEFC76149EC} 2012-08-22 17:49:40 -------- d-----w- C:UsersPapaAppDataLocal{398B7A4E-08BA-453F-8338-1030277359F8} 2012-08-22 01:33:25 -------- d-----w- C:UsersPapaAppDataLocal{0A817F48-1A0F-4F24-8C2D-325B4419AFC6} 2012-08-21 00:41:14 -------- d-----w- C:UsersPapaAppDataLocal{0968E816-C6B5-493D-B793-9AEC0A6459A0} 2012-08-20 12:40:49 -------- d-----w- C:UsersPapaAppDataLocal{BA5CE7CB-C403-4505-99D0-F68FA84F8B9B} 2012-08-19 16:14:36 -------- d-----w- C:UsersPapaAppDataLocal{4A026A8F-1F99-4B7F-AA27-45A95F28C78D} 2012-08-19 04:14:10 -------- d-----w- C:UsersPapaAppDataLocal{E6B12D4D-2021-42B2-93A7-77E00BF451F1} 2012-08-18 15:56:16 -------- d-----w- C:Program Filesprogrutilisés 2012-08-18 15:42:05 -------- d-----w- C:Program Files (x86)AMD APP 2012-08-18 15:19:12 -------- d-----w- C:UsersPapaAppDataLocal{7A7212DE-991F-444D-9970-7F3725D98B7F} 2012-08-18 15:19:00 -------- d-----w- C:UsersPapaAppDataLocal{FDC41350-C8A2-45CC-B9C0-38DA910F3002} 2012-08-18 03:18:34 -------- d-----w- C:UsersPapaAppDataLocal{4416FB0C-FC13-46CE-A1CA-8C2D14744D75} 2012-08-18 03:18:22 -------- d-----w- C:UsersPapaAppDataLocal{5E07D33B-D052-45D5-BE79-C3435D5825C3} 2012-08-17 15:17:57 -------- d-----w- C:UsersPapaAppDataLocal{02CC49D4-2179-4A5C-929C-A096D3BC96D6} 2012-08-17 03:17:33 -------- d-----w- C:UsersPapaAppDataLocal{7030F170-9DCE-43C9-87D4-30AC756F5335} 2012-08-17 03:17:21 
-------- d-----w- C:UsersPapaAppDataLocal{45AFBC88-813A-43CE-8F1F-1188107C9D23} 2012-08-16 15:16:55 -------- d-----w- C:UsersPapaAppDataLocal{1D971F47-2595-47F9-A317-8572AE22E8D2} 2012-08-16 15:16:43 -------- d-----w- C:UsersPapaAppDataLocal{3239C2F0-FF2F-4D32-9C77-4A7DE0C82C33} 2012-08-16 03:16:18 -------- d-----w- C:UsersPapaAppDataLocal{02497438-BA48-41CA-81F7-C09802AA8BDE} 2012-08-16 03:16:06 -------- d-----w- C:UsersPapaAppDataLocal{37B087BB-2EC4-4445-9E9E-6A925EF3E245} 2012-08-15 15:15:40 -------- d-----w- C:UsersPapaAppDataLocal{874F3B1B-0C09-4EA5-B4E2-A3E8D3128C58} 2012-08-15 15:15:27 -------- d-----w- C:UsersPapaAppDataLocal{29229140-5349-46A0-BD32-CF32F65DCEE8} 2012-08-15 14:56:25 -------- d-----w- C:UsersPapaAppDataLocal{A756F21C-FD62-4BE3-AFE4-54AD32E9073E} 2012-08-15 00:39:44 503808 ----a-w- C:WindowsSystem32srcore.dll 2012-08-15 00:39:43 43008 ----a-w- C:WindowsSysWow64srclient.dll 2012-08-15 00:32:12 751104 ----a-w- C:WindowsSystem32win32spl.dll 2012-08-15 00:32:12 67072 ----a-w- C:Windowssplwow64.exe 2012-08-15 00:32:12 559104 ----a-w- C:WindowsSystem32spoolsv.exe 2012-08-15 00:32:12 492032 ----a-w- C:WindowsSysWow64win32spl.dll 2012-08-15 00:26:55 59392 ----a-w- C:WindowsSystem32browcli.dll 2012-08-15 00:26:55 41984 ----a-w- C:WindowsSysWow64browcli.dll 2012-08-15 00:26:55 136704 ----a-w- C:WindowsSystem32browser.dll 2012-08-15 00:26:26 3148800 ----a-w- C:WindowsSystem32win32k.sys 2012-08-15 00:24:52 956928 ----a-w- C:WindowsSystem32localspl.dll 2012-08-14 23:31:47 -------- d-----w- C:UsersPapaAppDataLocal{85EE8171-1A06-4B34-9D9B-1F082711B160} 2012-08-14 11:31:22 -------- d-----w- C:UsersPapaAppDataLocal{58C20C59-A850-4463-858E-4C1EE895A962} 2012-08-14 11:31:09 -------- d-----w- C:UsersPapaAppDataLocal{F2C67B72-6464-4473-B8D7-021837438F1C} 2012-08-13 15:02:52 -------- d-----w- C:UsersPapaAppDataLocal{02E678B2-E580-4E9A-8472-E5ACC8A0EACD} 2012-08-13 03:02:27 -------- d-----w- C:UsersPapaAppDataLocal{DFDF81B8-02D3-4988-A206-32BBED371D4B} 2012-08-13 
03:02:15 -------- d-----w- C:UsersPapaAppDataLocal{8986DB83-8088-47CA-A38A-98BA2367CE2E} 2012-08-12 15:01:50 -------- d-----w- C:UsersPapaAppDataLocal{4918AB2D-70BE-4270-A8F5-9299BEBD5A39} 2012-08-12 15:01:34 -------- d-----w- C:UsersPapaAppDataLocal{5ACFE5CF-E924-454B-AF23-56DED30F3558} 2012-08-12 03:01:09 -------- d-----w- C:UsersPapaAppDataLocal{E91383BA-1422-4412-A10C-76DCD83F4AFE} 2012-08-12 03:00:56 -------- d-----w- C:UsersPapaAppDataLocal{97406117-3F82-4575-8B93-F8D09EE89727} . ==================== Find3M ==================== . 2012-09-01 01:53:10 281152 ----a-w- C:WindowsSysWow64PnkBstrB.xtr 2012-09-01 01:53:10 281152 ----a-w- C:WindowsSysWow64PnkBstrB.exe 2012-08-31 04:25:27 281152 ----a-w- C:WindowsSysWow64PnkBstrB.ex0 2012-08-26 22:18:02 73416 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl 2012-08-26 22:18:02 696520 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe 2012-07-28 04:09:20 5538984 ----a-w- C:WindowsSysWow64atiumdag.dll 2012-07-28 04:07:44 10278912 ----a-w- C:WindowsSystem32driversatikmdag.sys 2012-07-28 03:43:12 70144 ----a-w- C:WindowsSystem32coinst_8.982.dll 2012-07-28 03:19:34 24935424 ----a-w- C:WindowsSystem32atio6axx.dll 2012-07-28 02:50:10 20546560 ----a-w- C:WindowsSysWow64atioglxx.dll 2012-07-28 02:47:40 187392 ----a-w- C:WindowsSystem32clinfo.exe 2012-07-28 02:47:24 75776 ----a-w- C:WindowsSystem32OpenVideo64.dll 2012-07-28 02:47:16 65024 ----a-w- C:WindowsSysWow64OpenVideo.dll 2012-07-28 02:47:10 63488 ----a-w- C:WindowsSystem32OVDecode64.dll 2012-07-28 02:47:06 56320 ----a-w- C:WindowsSysWow64OVDecode.dll 2012-07-28 02:46:56 16464896 ----a-w- C:WindowsSystem32amdocl64.dll 2012-07-28 02:46:06 13013504 ----a-w- C:WindowsSysWow64amdocl.dll 2012-07-28 02:15:50 163840 ----a-w- C:WindowsSystem32atiapfxx.exe 2012-07-28 02:15:42 931328 ----a-w- C:WindowsSysWow64aticfx32.dll 2012-07-28 02:13:56 1100288 ----a-w- C:WindowsSystem32aticfx64.dll 2012-07-28 02:10:40 442368 ----a-w- C:WindowsSystem32ATIDEMGX.dll 2012-07-28 02:10:34 534528 ----a-w- 
C:WindowsSystem32atieclxx.exe 2012-07-28 02:09:44 239616 ----a-w- C:WindowsSystem32atiesrxx.exe 2012-07-28 02:08:20 120320 ----a-w- C:WindowsSystem32atitmm64.dll 2012-07-28 02:08:04 21504 ----a-w- C:WindowsSystem32atimuixx.dll 2012-07-28 02:07:58 59392 ----a-w- C:WindowsSystem32atiedu64.dll 2012-07-28 02:07:52 43520 ----a-w- C:WindowsSysWow64ati2edxx.dll 2012-07-28 02:07:10 6430208 ----a-w- C:WindowsSysWow64atidxx32.dll 2012-07-28 01:51:12 7052288 ----a-w- C:WindowsSystem32atidxx64.dll 2012-07-28 01:41:32 4266496 ----a-w- C:WindowsSystem32atiumd6a.dll 2012-07-28 01:35:10 51200 ----a-w- C:WindowsSystem32aticalrt64.dll 2012-07-28 01:35:08 46080 ----a-w- C:WindowsSysWow64aticalrt.dll 2012-07-28 01:35:02 44544 ----a-w- C:WindowsSystem32aticalcl64.dll 2012-07-28 01:35:00 44032 ----a-w- C:WindowsSysWow64aticalcl.dll 2012-07-28 01:34:48 16034304 ----a-w- C:WindowsSystem32aticaldd64.dll 2012-07-28 01:32:32 4751872 ----a-w- C:WindowsSysWow64atiumdva.dll 2012-07-28 01:30:10 13605888 ----a-w- C:WindowsSysWow64aticaldd.dll 2012-07-28 01:25:52 6676480 ----a-w- C:WindowsSystem32atiumd64.dll 2012-07-28 01:15:32 540160 ----a-w- C:WindowsSystem32atiadlxx.dll 2012-07-28 01:15:22 368640 ----a-w- C:WindowsSysWow64atiadlxy.dll 2012-07-28 01:15:12 17920 ----a-w- C:WindowsSystem32atig6pxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:WindowsSysWow64atiglpxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:WindowsSystem32atiglpxx.dll 2012-07-28 01:15:04 41984 ----a-w- C:WindowsSystem32atig6txx.dll 2012-07-28 01:14:56 33280 ----a-w- C:WindowsSysWow64atigktxx.dll 2012-07-28 01:14:46 368640 ----a-w- C:WindowsSystem32driversatikmpag.sys 2012-07-28 01:13:54 129536 ----a-w- C:WindowsSystem32atiuxp64.dll 2012-07-28 01:13:48 109568 ----a-w- C:WindowsSysWow64atiuxpag.dll 2012-07-28 01:13:40 103936 ----a-w- C:WindowsSystem32atiu9p64.dll 2012-07-28 01:13:32 83456 ----a-w- C:WindowsSysWow64atiu9pag.dll 2012-07-28 01:12:54 53248 ----a-w- C:WindowsSystem32driversati2erec.dll 2012-07-28 01:08:42 56320 ----a-w- 
C:WindowsSystem32atimpc64.dll 2012-07-28 01:08:42 56320 ----a-w- C:WindowsSystem32amdpcom64.dll 2012-07-28 01:08:36 56832 ----a-w- C:WindowsSysWow64atimpc32.dll 2012-07-28 01:08:36 56832 ----a-w- C:WindowsSysWow64amdpcom32.dll 2012-07-26 07:21:28 291680 ----a-w- C:WindowsSystem32driversavgldx64.sys 2012-06-29 03:56:34 2312704 ----a-w- C:WindowsSystem32jscript9.dll 2012-06-29 03:49:11 1392128 ----a-w- C:WindowsSystem32wininet.dll 2012-06-29 03:48:07 1494528 ----a-w- C:WindowsSystem32inetcpl.cpl 2012-06-29 03:43:49 173056 ----a-w- C:WindowsSystem32ieUnatt.exe 2012-06-29 03:39:48 2382848 ----a-w- C:WindowsSystem32mshtml.tlb 2012-06-29 00:16:58 1800704 ----a-w- C:WindowsSysWow64jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- C:WindowsSysWow64wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- C:WindowsSysWow64inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- C:WindowsSysWow64ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb 2012-06-28 02:49:48 76888 ----a-w- C:WindowsSysWow64PnkBstrA.exe 2012-06-27 09:36:17 682280 ----a-w- C:WindowsSysWow64pbsvc.exe . ============= FINISH: 22:48:37,42 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Édition Intégrale Boot Device: DeviceHarddiskVolume1 Install Date: 2011-06-25 14:35:01 System Uptime: 2012-09-10 21:24:30 (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | M2N Processor: AMD Athlon 64 X2 Dual Core Processor 3800+ | CPU 1 | 2009/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 149 GiB total, 40,113 GiB free. D: is CDROM () E: is CDROM (UDF) F: is FIXED (NTFS) - 289 GiB total, 185,295 GiB free. G: is FIXED (NTFS) - 10 GiB total, 9,454 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP146: 2012-09-04 23:11:58 - Point de contrôle planifié RP147: 2012-09-10 13:49:34 - Opération de restauration RP148: 2012-09-10 21:20:42 - Windows Update . ==== Installed Programs ====================== . AC3Filter 1.63b Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.2 AMD VISION Engine Control Center Apple Application Support Apple Software Update µTorrent Battlefield 2: Deluxe Edition Battlefield: Bad Company™ 2 Call of Duty: Black Ops Call of Duty: Black Ops - Multiplayer Call of Duty: World at War Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Company of Heroes Crossrider Web Apps D3DX10 DivX Web Player DVD Shrink 3.2 eReg Facebook Video Calling 1.2.0.159 Fix-It Fix-It Utilities 11 Essentials InFlac 1.1.1 Java Auto Updater Java 7 Update 5 JavaFX 2.1.1 Malwarebytes Anti-Malware version 1.61.0.1400 Medal of Honor Allied Assault Medal of Honor Allied Assault Breakthrough Microsoft Corporation Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT NVIDIA ForceWare Network Access Manager OpenOffice.org 3.3 PC Speed Maximizer v2.1 PokerStars PunkBuster Services QuickTime Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) Skype™ 5.10 Steam TeamSpeak 3 Client Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VC80CRTRedist - 8.0.50727.6195 Veetle TV 0.9.18 Veoh Web Player Visual Studio 2008 x64 Redistributables Winamp Winamp Detector Plug-in Windows Live Windows Live Communications Platform Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR 4.11 (32-bit) Xfire (remove only) . ==== End Of File ===========================