forallbueaty
Posts posted by forallbueaty


  1. Hi,

     This is my son's tablet.

     Disk C says that the 136 GB is at its fullest.

     I can't see any program installed.

     Erased some cache,

     using Windows Defender.

     Clean disk doesn't do much.

     Tried to install AVG antivirus,

     but I get an error message saying something like

     "download has stopped".

     Old saves are unfound.

     The PC is in French, please be patient.

     At the moment I'm trying to copy-paste

     key root????

     Internet is working fine.

     Thanks to all in advance.

     What files do you guys/gals need?

     How do I make room on the disk 😄

     and how much is 136 GB, not 136 Go?

     

    Système d’exploitation    Microsoft Windows 7 Édition Intégrale
    Version    6.1.7601 Service Pack 1 Build 7601
    Informations supplémentaires     Non disponible
    Éditeur    Microsoft Corporation
    Ordinateur    IBADET-PC
    Fabricant    Dell Inc.
    Modèle    Inspiron 1525
    Type    PC à base de x64
    Processeur    Intel(R) Pentium(R) Dual  CPU  T2390  @ 1.86GHz, 1867 MHz, 2 cœur(s), 2 processeur(s) logique(s)
    Version du BIOS/Date    Dell Inc. A13, 6/27/2008
    Version SMBIOS    2.4
    Répertoire Windows    C:\Windows
    Répertoire système    C:\Windows\system32
    Périphérique de démarrage    \Device\HarddiskVolume3
    Option régionale    United States
    Couche d’abstraction matérielle    Version = "6.1.7601.17514"
    Utilisateur    ibadet-PC\ibadet
    Fuseaux horaires    Est
    Mémoire physique (RAM) installée    4.00 Go
    Mémoire physique totale    3.99 Go
    Mémoire physique disponible    2.46 Go
    Mémoire virtuelle totale    7.98 Go
    Mémoire virtuelle disponible    6.39 Go
    Espace pour le fichier d’échange    3.99 Go
    Fichier d’échange    D:\pagefile.sys
     

     

     

     

     

     fab

     P.S.: disk E: has 5 Go available

     


  2. Hello everyone,

     I'm using a Lenovo L512 laptop,

     Win 7 Professional.

     On my keyboard there is a Function key and multiple keys in the matching colour, to be used with that Function key.

     My F-keys stop at F12.

     On the Insert key there is "Im Éc" printed; I think it means Print Screen.

     So, simple question: do you know where Print Screen usually stores the printed screens I did???

     Also, I'm using Firefox; is there any other way to print my screen whenever I want?

     Thank you


  3. Hey tomk, don't go, I was looking forward to these little chats.

     I'll be frank with you: to this date I'm not totally sure you are a legit part of PCPitstop

     (probably because I don't know what a WTT teacher is, nor what the Trusted Malware Techs are;

     I'm guessing groups under this forum),

     but the "download this" and "download that" kept me scared, lol.

     I finally succeeded in finding how to get the Run button in my Start menu.

     The guy that installed my PC did it in French against my will,

     so by default Windows sets everything in French;

     moving from French to English and back to French is sometimes difficult.

     I understand every instruction you gave in your last post,

     but I'm wondering why you uninstall all the programs you installed; couldn't I keep them?

     I probably downloaded them into my Downloads folder anyway.

     And what about those I mentioned in my earlier posts

     (CCleaner, Malwarebytes, etc.)?

     Will it ask me to erase them as well?

     Thank you for all you've done to the PC.

     I'll make sure to read the info you gave.

     I have one question:

     I saw ComboFix did a restore point, and I see you're saying it will use it.

     I'm wondering, is the restore point I used and talked about in my beginning post still good?

     Thank you very much

     fv


  4. Here you go.

     Thanks for everything again, tomk.

     Was pretty sure I sent you this yesterday;

     seems not.

     Have a good day.

     f

     

     

     

    Farbar Service Scanner Version: 06-08-2012
    Ran by Papa (administrator) on 16-09-2012 at 12:45:15
    Running from "C:\Users\Papa\Downloads"
    Microsoft Windows 7 Édition Intégrale Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================

    System Restore:
    ============

    System Restore Disabled Policy:
    ========================

    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-09-11 19:07] - [2012-08-22 14:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****


  5. Hey tomk,

     How strange, I just received the Windows renewing-of-contract e-mail for the services?)

     I started the FSS.

     I don't have an "Include All Files" option.

     I have 8 checkboxes;

     the first 2 are already checked:

     RpcSs and PlugPlay
     Internet Services
     Windows Firewall
     System Restore
     Security Center/Action Center
     Windows Update
     Windows Defender
     Other Services

     and there is a box to Search:

     then 3 buttons:

     Scan, Search Files, Export Service


  6. "System failure trying to restore... system successfully restored." Wow, this one had me running for a sec.

     When I tried to reopen iexplore I had a message that my DLL wasn't good, did I want to erase that;

     I said no and restarted the PC.

     So here I am...

     and this is the ComboFix log:

     

    ComboFix 12-09-14.03 - Papa 2012-09-14 18:32:33.2.2 - x64
    Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3977 [GMT -4:00]
    Lancé depuis: c:\users\Papa\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\Papa\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Une copie infectée de c:\windows\system32\Services.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\erdnt\cache64\services.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-08-14 au 2012-09-14 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-09-14 22:39 . 2012-09-14 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-13 02:04 . 2012-09-13 02:04 -------- d-----w- c:\program files (x86)\ESET
    2012-09-11 23:07 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-11 23:06 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-11 23:06 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-11 22:59 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-11 22:59 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-11 22:57 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-11 22:57 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-07 16:19 . 2012-09-10 17:53 -------- d-----w- c:\users\Papa\AppData\Roaming\DeepBurner
    2012-09-04 01:17 . 2012-09-04 01:17 -------- d-----w- c:\users\Papa\Mes fichiers reçus
    2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2012-08-18 15:56 . 2012-08-18 15:57 -------- d-----w- c:\program files\progrutilisés
    2012-08-18 15:42 . 2012-08-18 15:42 -------- d-----w- c:\program files (x86)\AMD APP

    .

    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [-] 2011-07-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    [-] 2011-07-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\Papa\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-06-30 74752]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 250568]
    R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
    R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-11-25 427640]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-27 1255736]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
    S2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;c:\program files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [2010-11-16 328704]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;c:\progra~2\AVANQU~1\Fix-It\MxTask.exe [2010-11-16 882816]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:18]
    .
    2012-09-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000Core.job
    - c:\users\Papa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-15 22:11]
    .
    2012-09-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000UA.job
    - c:\users\Papa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-15 22:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/ig
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.2.1

    .

    ------------------------ Autres processus actifs ------------------------

    .

    c:progra~2AVANQU~1Fix-Itmxtask2.exe

    c:windowsSysWOW64PnkBstrA.exe

    .

    **************************************************************************

    .

    Heure de fin: 2012-09-14 18:48:44 - La machine a redémarré

    ComboFix-quarantined-files.txt 2012-09-14 22:48

    ComboFix2.txt 2012-09-12 02:55

    .

    Avant-CF: 41 512 349 696 octets libres

    Après-CF: 41 286 852 608 octets libres

    .

    - - End Of File - - 4A798B35D11C6D5CE6012796FB4B3672


  7. Hey Tomk, how are you?

    I downloaded ComboFix again, directly to the desktop.

    It's the first time that I've done that.

    Do you have many applications on your PC installed on the desktop?? lol

     

    Got a window though saying:

    SmartScreen has detected ComboFix and thinks it could harm your PC.

    I understand ComboFix can't run when my AVG is running,

    but it's scary.

     

    Is SmartScreen a part of AVG? What do you think?

     

    f


  8. Hey Tomk,

     

    How are you today?

    I checked Kantaris; it's a media player.

    Don't know where it comes from;

    maybe I use it when I look at movies on the net.

     

    I try to store my things in F:

    so I have more space to run the programs.

    Hope I didn't scrap my F:.

     

     

    Here's the ESETSCAN.txt you asked for:

     

    C:Program Files (x86)AvanquestFix-ItW32Int13.dll a variant of Win32/Kryptik.FNT trojan

    C:Program Files (x86)PC Speed MaximizerPCSpeedMaximizer.exe a variant of Win32/SpeedingUpMyPC application

    C:UsersPapaDownloadsnouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application

    C:UsersPapaDownloadsnouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application

    C:UsersPapaVideosAutoCAD LT 2009 x64AutoCAD LT 2009Keygen.exe a variant of Win32/Keygen.BT application

    F:alain_driversKantaris_0.7.7_setup.exe Win32/OpenCandy application

    F:alain_driverswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application

    F:mesvieuyxnouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application

    F:mesvieuyxnouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application

    F:musiquenouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application

    F:musiquenouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application


  9. Hi Tomk,

     

    I won't erase uTorrent; I knew the risks,

    but I won't start it till you tell me that my PC is clean.

    You didn't say if you were going to restore my registry.

    You said malware; I have run Malwarebytes without finding anything.

    If you find some, please tell me so I'm up to date.

     

    Are you going to use HijackThis or not after ComboFix? And why?

    I appreciated your help, thank you.

     

    f

     

    Here's the ComboFix log;

    hope everything is to your liking.

     

    ComboFix 12-09-11.02 - Papa 2012-09-11 22:18:34.1.2 - x64

    Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3996 [GMT -4:00]

    Lancé depuis: c:usersPapaDownloadsComboFix.exe

    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:usersPapaAppDataLocalTempDIR

    c:usersPapaAppDataLocalTempDIRGFInstallerAppName.txt

    c:usersPapaAppDataLocalTempDIRGFInstallerChannel.txt

    c:usersPapaAppDataLocalTempDIRGFInstallerDownloadURL.txt

    c:usersPapaAppDataLocalTempDIRGFInstallerGFInstaller.exe

    .

    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2012-08-12 au 2012-09-12 ))))))))))))))))))))))))))))))))))))

    .

    .

    2012-09-11 23:07 . 2012-08-22 18:12 1913200 ----a-w- c:windowssystem32driverstcpip.sys

    2012-09-11 23:06 . 2012-08-22 18:12 376688 ----a-w- c:windowssystem32driversnetio.sys

    2012-09-11 23:06 . 2012-08-22 18:12 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS

    2012-09-11 22:59 . 2012-08-22 18:12 950128 ----a-w- c:windowssystem32driversndis.sys

    2012-09-11 22:59 . 2012-07-04 20:26 41472 ----a-w- c:windowssystem32driversRNDISMP.sys

    2012-09-11 22:57 . 2012-08-02 17:58 574464 ----a-w- c:windowssystem32d3d10level9.dll

    2012-09-11 22:57 . 2012-08-02 16:57 490496 ----a-w- c:windowsSysWow64d3d10level9.dll

    2012-09-07 16:19 . 2012-09-10 17:53 -------- d-----w- c:usersPapaAppDataRoamingDeepBurner

    2012-09-04 01:17 . 2012-09-04 01:17 -------- d-----w- c:usersPapaMes fichiers reçus

    2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:windowssystem32driversavgtdia.sys

    2012-08-18 15:56 . 2012-08-18 15:57 -------- d-----w- c:program filesprogrutilisés

    2012-08-18 15:42 . 2012-08-18 15:42 -------- d-----w- c:program files (x86)AMD APP

    2012-08-15 00:39 . 2012-05-05 08:36 503808 ----a-w- c:windowssystem32srcore.dll

    2012-08-15 00:39 . 2012-05-05 07:46 43008 ----a-w- c:windowsSysWow64srclient.dll

    2012-08-15 00:32 . 2012-02-11 06:43 751104 ----a-w- c:windowssystem32win32spl.dll

    2012-08-15 00:32 . 2012-02-11 06:36 559104 ----a-w- c:windowssystem32spoolsv.exe

    2012-08-15 00:32 . 2012-02-11 06:36 67072 ----a-w- c:windowssplwow64.exe

    2012-08-15 00:32 . 2012-02-11 05:43 492032 ----a-w- c:windowsSysWow64win32spl.dll

    2012-08-15 00:26 . 2012-07-04 22:16 73216 ----a-w- c:windowssystem32netapi32.dll

    2012-08-15 00:26 . 2012-07-04 22:13 59392 ----a-w- c:windowssystem32browcli.dll

    2012-08-15 00:26 . 2012-07-04 22:13 136704 ----a-w- c:windowssystem32browser.dll

    2012-08-15 00:26 . 2012-07-04 21:14 41984 ----a-w- c:windowsSysWow64browcli.dll

    2012-08-15 00:26 . 2012-07-18 18:15 3148800 ----a-w- c:windowssystem32win32k.sys

    2012-08-15 00:24 . 2012-05-14 05:26 956928 ----a-w- c:windowssystem32localspl.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-12 01:28 . 2011-06-27 04:07 64462936 ----a-w- c:windowssystem32MRT.exe

    2012-09-01 01:53 . 2011-07-02 23:23 281152 ----a-w- c:windowsSysWow64PnkBstrB.xtr

    2012-09-01 01:53 . 2011-06-26 23:56 281152 ----a-w- c:windowsSysWow64PnkBstrB.exe

    2012-08-31 04:25 . 2011-06-26 23:56 281152 ----a-w- c:windowsSysWow64PnkBstrB.ex0

    2012-08-26 22:18 . 2012-04-03 11:56 696520 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

    2012-08-26 22:18 . 2011-06-26 14:59 73416 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

    2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:windowsSysWow64atiumdag.dll

    2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:windowssystem32driversatikmdag.sys

    2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:windowssystem32coinst_8.982.dll

    2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:windowssystem32atio6axx.dll

    2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:windowsSysWow64atioglxx.dll

    2012-07-28 02:47 . 2012-07-28 02:47 187392 ----a-w- c:windowssystem32clinfo.exe

    2012-07-28 02:47 . 2012-07-28 02:47 75776 ----a-w- c:windowssystem32OpenVideo64.dll

    2012-07-28 02:47 . 2012-07-28 02:47 65024 ----a-w- c:windowsSysWow64OpenVideo.dll

    2012-07-28 02:47 . 2012-07-28 02:47 63488 ----a-w- c:windowssystem32OVDecode64.dll

    2012-07-28 02:47 . 2012-07-28 02:47 56320 ----a-w- c:windowsSysWow64OVDecode.dll

    2012-07-28 02:46 . 2012-07-28 02:46 16464896 ----a-w- c:windowssystem32amdocl64.dll

    2012-07-28 02:46 . 2012-07-28 02:46 13013504 ----a-w- c:windowsSysWow64amdocl.dll

    2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:windowssystem32atiapfxx.exe

    2012-07-28 02:15 . 2012-04-06 02:21 931328 ----a-w- c:windowsSysWow64aticfx32.dll

    2012-07-28 02:13 . 2012-07-28 02:13 1100288 ----a-w- c:windowssystem32aticfx64.dll

    2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:windowssystem32ATIDEMGX.dll

    2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:windowssystem32atieclxx.exe

    2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:windowssystem32atiesrxx.exe

    2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:windowssystem32atitmm64.dll

    2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:windowssystem32atimuixx.dll

    2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:windowssystem32atiedu64.dll

    2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:windowsSysWow64ati2edxx.dll

    2012-07-28 02:07 . 2012-04-06 02:13 6430208 ----a-w- c:windowsSysWow64atidxx32.dll

    2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:windowssystem32atidxx64.dll

    2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:windowssystem32atiumd6a.dll

    2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:windowssystem32aticalrt64.dll

    2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:windowsSysWow64aticalrt.dll

    2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:windowssystem32aticalcl64.dll

    2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:windowsSysWow64aticalcl.dll

    2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:windowssystem32aticaldd64.dll

    2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:windowsSysWow64atiumdva.dll

    2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:windowsSysWow64aticaldd.dll

    2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:windowssystem32atiumd64.dll

    2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:windowssystem32atiadlxx.dll

    2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:windowsSysWow64atiadlxy.dll

    2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:windowssystem32atig6pxx.dll

    2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:windowsSysWow64atiglpxx.dll

    2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:windowssystem32atiglpxx.dll

    2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:windowssystem32atig6txx.dll

    2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:windowsSysWow64atigktxx.dll

    2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:windowssystem32driversatikmpag.sys

    2012-07-28 01:13 . 2012-07-28 01:13 129536 ----a-w- c:windowssystem32atiuxp64.dll

    2012-07-28 01:13 . 2012-04-06 01:09 109568 ----a-w- c:windowsSysWow64atiuxpag.dll

    2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:windowssystem32atiu9p64.dll

    2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:windowsSysWow64atiu9pag.dll

    2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:windowssystem32driversati2erec.dll

    2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:windowssystem32atimpc64.dll

    2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:windowssystem32amdpcom64.dll

    2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:windowsSysWow64atimpc32.dll

    2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:windowsSysWow64amdpcom32.dll

    2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:windowssystem32driversavgldx64.sys

    2012-06-28 02:49 . 2011-06-26 23:56 76888 ----a-w- c:windowsSysWow64PnkBstrA.exe

    2012-06-27 09:36 . 2012-06-27 09:36 682280 ----a-w- c:windowsSysWow64pbsvc.exe

    .

    .

    ------- Sigcheck -------

    Note: Unsigned files aren't necessarily malware.

    .

    [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:windowswinsxsamd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973user32.dll

    [-] 2011-07-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:windowssystem32user32.dll

    .

    [-] 2011-07-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:windowsSysWOW64user32.dll

    [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:windowswinsxswow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6euser32.dll

    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    REGEDIT4

    .

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

    "Facebook Update"="c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" [2012-07-11 138096]

    .

    [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

    "AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2012-07-31 2596984]

    "LifeCam"="c:program files (x86)Microsoft LifeCamLifeExp.exe" [2010-05-20 119152]

    "WinampAgent"="c:program files (x86)Winampwinampa.exe" [2011-06-30 74752]

    "Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-11 919008]

    "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2011-09-27 59240]

    "SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-01-17 252296]

    "StartCCC"="c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2012-06-11 641704]

    "Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-07-31 38872]

    .

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

    BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart

    .

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

    R2 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe [2012-07-03 160944]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-26 250568]

    R3 driverhardwarev2x64;driverhardwarev2x64;c:program filesma-config.comDriversdriverhardwarev2x64.sys [2011-07-21 16640]

    R3 maconfservice;Ma-Config Service;c:program filesma-config.comx64maconfservice.exe [2011-11-25 427640]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 20992]

    R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]

    R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x]

    R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x]

    R3 WatAdminSvc;Service Windows Activation Technologies;c:windowssystem32WatWatAdminSvc.exe [2011-07-27 1255736]

    S0 AVGIDSHA;AVGIDSHA;c:windowssystem32DRIVERSavgidsha.sys [2012-04-19 28480]

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [2012-01-31 36944]

    S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [2012-07-26 291680]

    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [2011-12-23 47696]

    S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [2012-08-24 384352]

    S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2012-07-28 239616]

    S2 AMD FUEL Service;AMD FUEL Service;c:program filesATI TechnologiesATI.ACEFuelFuel.Service.exe [2012-06-11 361984]

    S2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;c:program files (x86)AvanquestFix-ItAVQWinMonEngine.exe [2010-11-16 328704]

    S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2012-08-13 5167736]

    S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2012-02-14 193288]

    S2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;c:progra~2AVANQU~1Fix-ItMxTask.exe [2010-11-16 882816]

    S3 amdiox64;AMD IO Driver;c:windowssystem32DRIVERSamdiox64.sys [2010-02-18 46136]

    S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2012-07-28 10278912]

    S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2012-07-28 368640]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW76.sys [2012-05-14 96896]

    S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSavgidsdrivera.sys [2011-12-23 124496]

    S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSavgidsfiltera.sys [2011-12-23 29776]

    .

    .

    --- Autres Services/Pilotes en mémoire ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Contenu du dossier 'Tâches planifiées'

    .

    2012-09-12 c:windowsTasksAdobe Flash Player Updater.job

    - c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-03 22:18]

    .

    2012-09-11 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000Core.job

    - c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe [2012-02-15 22:11]

    .

    2012-09-12 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000UA.job

    - c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe [2012-02-15 22:11]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

    "VX3000"="c:windowsvVX3000.exe" [2010-05-20 762736]

    .

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Examen supplémentaire -------

    .

    uLocal Page = c:windowssystem32blank.htm

    uStart Page = hxxp://www.google.ca/ig

    mLocal Page = c:windowsSysWOW64blank.htm

    TCP: DhcpNameServer = 192.168.2.1

    .

    - - - - ORPHELINS SUPPRIMES - - - -

    .

    Wow6432Node-HKCU-Run-rlneug - c:usersPapaAppDataRoamingrlneug.dll

    AddRemove-PunkBusterSvc - c:windowssystem32pbsvc.exe

    .

    .

    .

    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

    @="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

    @="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

    @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

    @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

    @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

    @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Autres processus actifs ------------------------

    .

    c:windowsSysWOW64PnkBstrA.exe

    c:progra~2AVANQU~1Fix-Itmxtask2.exe

    .

    **************************************************************************

    .

    Heure de fin: 2012-09-11 22:55:31 - La machine a redémarré

    ComboFix-quarantined-files.txt 2012-09-12 02:55

    .

    Avant-CF: 42 208 088 064 octets libres

    Après-CF: 41 588 035 584 octets libres

    .

    - - End Of File - - 886C9F6A01008AFFDEE13E0CF91CE62E


  10. I ran the hijackthis.exe with administrator rights and obtained this:

     

     

     

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 08:04:24, on 2012-09-11

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16448)

    Boot mode: Normal

    Running processes:

    C:WindowsvVX3000.exe

    C:Program Files (x86)AVGAVG2012avgtray.exe

    C:Program Files (x86)Winampwinampa.exe

    C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

    C:Program Files (x86)Windows LiveMessengermsnmsgr.exe

    C:Program Files (x86)Windows LiveContactswlcomm.exe

    C:Program Files (x86)Internet ExplorerIELowutil.exe

    C:UsersPapaDownloadsHijackThis.exe

    R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ca/ig

    R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

    R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

    R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

    R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:Program Files (x86)AVGAVG2012avgdtiex.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll

    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

    O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:Program Files (x86)CrossriderWebAppsCrossrider.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll

    O4 - HKLM..Run: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"

    O4 - HKLM..Run: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe"

    O4 - HKLM..Run: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe"

    O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

    O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

    O4 - HKLM..Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml

    O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

    O4 - HKLM..Run: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun

    O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

    O4 - HKCU..Run: [Facebook Update] "C:UsersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" /c /nocrashserver

    O4 - HKCU..Run: [rlneug] "C:WindowsSystem32rundll32.exe" "C:UsersPapaAppDataRoamingrlneug.dll",set_sPLT

    O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'SERVICE LOCAL')

    O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'SERVICE LOCAL')

    O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'SERVICE RÉSEAU')

    O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'SERVICE RÉSEAU')

    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:Program Files (x86)AVGAVG2012avgdtiex.dll

    O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%system32aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:Windowssystem32svchost.exe

    O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: AvanquestWindowsMonitorService - Unknown owner - C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
    O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Fix-It Essentials Task Manager - Avanquest Software - C:\PROGRA~2\AVANQU~1\Fix-It\MxTask.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\x64\maconfservice.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    --

    End of file - 21711 bytes


  11. As instructed, those are the DDS log and the attach.txt.

    Thanks

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

    Run by Papa at 22:47:39 on 2012-09-10

    Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3775 [GMT -4:00]

    .

    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:PROGRA~2AVGAVG2012avgrsa.exe

    C:Program Files (x86)AVGAVG2012avgcsrva.exe

    C:Windowssystem32wininit.exe

    C:Windowssystem32lsm.exe

    C:Windowssystem32svchost.exe -k DcomLaunch

    C:Windowssystem32svchost.exe -k RPCSS

    C:Windowssystem32atiesrxx.exe

    C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

    C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

    C:Windowssystem32svchost.exe -k netsvcs

    C:Windowssystem32svchost.exe -k LocalService

    C:Windowssystem32atieclxx.exe

    C:Windowssystem32svchost.exe -k NetworkService

    C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe

    C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe

    C:Program Files (x86)AVGAVG2012avgwdsvc.exe

    C:WindowsSystem32svchost.exe -k LocalServiceNoNetwork

    C:PROGRA~2AVANQU~1Fix-ItMxTask.exe

    C:Windowssystem32taskhost.exe

    C:WindowsExplorer.EXE

    C:Program FilesMicrosoft LifeCamMSCamS64.exe

    C:PROGRA~2AVANQU~1Fix-Itmxtask2.exe

    C:WindowsSysWOW64PnkBstrA.exe

    C:Windowssystem32svchost.exe -k imgsvc

    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE

    C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe

    C:WindowsvVX3000.exe

    C:WindowsSystem32rundll32.exe

    C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe

    C:Program Files (x86)AVGAVG2012avgtray.exe

    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe

    C:Program Files (x86)Winampwinampa.exe

    C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe

    C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe

    C:Program Files (x86)AVGAVG2012avgnsa.exe

    C:Program Files (x86)AVGAVG2012avgemca.exe

    C:Windowssystem32SearchIndexer.exe

    C:Program FilesWindows Media Playerwmpnetwk.exe

    C:Program Files (x86)Windows LiveMessengermsnmsgr.exe

    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe

    C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

    C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe

    C:Program Files (x86)AVGAVG2012avgui.exe

    C:Program Files (x86)Internet Exploreriexplore.exe

    C:Program Files (x86)Internet Exploreriexplore.exe

    C:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe

    C:Program Files (x86)Windows LiveContactswlcomm.exe

    C:UsersPapaDownloadsHijackThis.exe

    C:Windowssystem32SearchProtocolHost.exe

    C:Windowssystem32SearchFilterHost.exe

    C:Windowssystem32DllHost.exe

    C:Windowssystem32DllHost.exe

    C:WindowsSysWOW64cmd.exe

    C:Windowssystem32conhost.exe

    C:WindowsSysWOW64cscript.exe

    C:Windowssystem32wbemwmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.ca/ig

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:Program Files (x86)AVGAVG2012avgdtiex.dll

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:Program Files (x86)AVGAVG2012avgssie.dll

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll

    BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

    BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - C:Program Files (x86)CrossriderWebAppsCrossrider.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll

    uRun: [Facebook Update] "C:UsersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" /c /nocrashserver

    uRun: [rlneug] "C:WindowsSystem32rundll32.exe" "C:UsersPapaAppDataRoamingrlneug.dll",set_sPLT

    mRun: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"

    mRun: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe"

    mRun: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe"

    mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

    mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml

    mRun: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

    mRun: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun

    mRun: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:Program Files (x86)AVGAVG2012avgdtiex.dll

    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    TCP: DhcpNameServer = 192.168.2.1

    TCP: Interfaces{185D1B80-94AD-44E6-B843-6228F67257D8} : DhcpNameServer = 192.168.2.1

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

    {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}

    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {A876E312-7D08-401a-B7A6-FAFC5DC2F292}

    {DBC80044-A445-435b-BC74-9C25C1C588A9}

    mRun-x64: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"

    mRun-x64: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe"

    mRun-x64: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe"

    mRun-x64: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

    mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml

    mRun-x64: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

    mRun-x64: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun

    mRun-x64: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSHA;AVGIDSHA;C:Windowssystem32DRIVERSavgidsha.sys --> C:Windowssystem32DRIVERSavgidsha.sys [?]

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:Windowssystem32DRIVERSavgrkx64.sys --> C:Windowssystem32DRIVERSavgrkx64.sys [?]

    R1 Avgldx64;AVG AVI Loader Driver;C:Windowssystem32DRIVERSavgldx64.sys --> C:Windowssystem32DRIVERSavgldx64.sys [?]

    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:Windowssystem32DRIVERSavgmfx64.sys --> C:Windowssystem32DRIVERSavgmfx64.sys [?]

    R1 Avgtdia;AVG TDI Driver;C:Windowssystem32DRIVERSavgtdia.sys --> C:Windowssystem32DRIVERSavgtdia.sys [?]

    R2 AMD External Events Utility;AMD External Events Utility;C:Windowssystem32atiesrxx.exe --> C:Windowssystem32atiesrxx.exe [?]

    R2 AMD FUEL Service;AMD FUEL Service;C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe [2012-6-11 361984]

    R2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe [2012-5-9 328704]

    R2 AVGIDSAgent;AVGIDSAgent;C:Program Files (x86)AVGAVG2012avgidsagent.exe [2012-8-13 5167736]

    R2 avgwd;AVG WatchDog;C:Program Files (x86)AVGAVG2012avgwdsvc.exe [2012-2-14 193288]

    R2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;C:PROGRA~2AVANQU~1Fix-ItMxTask.exe -Service --> C:PROGRA~2AVANQU~1Fix-ItMxTask.exe -Service [?]

    R3 amdiox64;AMD IO Driver;C:Windowssystem32DRIVERSamdiox64.sys --> C:Windowssystem32DRIVERSamdiox64.sys [?]

    R3 amdkmdag;amdkmdag;C:Windowssystem32DRIVERSatikmdag.sys --> C:Windowssystem32DRIVERSatikmdag.sys [?]

    R3 amdkmdap;amdkmdap;C:Windowssystem32DRIVERSatikmpag.sys --> C:Windowssystem32DRIVERSatikmpag.sys [?]

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:Windowssystem32driversAtihdW76.sys --> C:Windowssystem32driversAtihdW76.sys [?]

    R3 AVGIDSDriver;AVGIDSDriver;C:Windowssystem32DRIVERSavgidsdrivera.sys --> C:Windowssystem32DRIVERSavgidsdrivera.sys [?]

    R3 AVGIDSFilter;AVGIDSFilter;C:Windowssystem32DRIVERSavgidsfiltera.sys --> C:Windowssystem32DRIVERSavgidsfiltera.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]

    S2 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2012-7-3 160944]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-4-3 250568]

    S3 driverhardwarev2x64;driverhardwarev2x64;C:Program Filesma-config.comDriversdriverhardwarev2x64.sys [2011-7-21 16640]

    S3 maconfservice;Ma-Config Service;C:Program Filesma-config.comx64maconfservice.exe [2011-11-25 427640]

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:Windowssystem32driversrdpvideominiport.sys --> C:Windowssystem32driversrdpvideominiport.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:Windowssystem32driverstsusbflt.sys --> C:Windowssystem32driverstsusbflt.sys [?]

    S3 WatAdminSvc;Service Windows Activation Technologies;C:Windowssystem32WatWatAdminSvc.exe --> C:Windowssystem32WatWatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2012-09-10 20:18:00 -------- d-----w- C:UsersPapaAppDataLocal{85E30EAB-4B4D-455A-860C-DF5152305EAA}

    2012-09-10 18:28:14 -------- d-----w- C:UsersPapaAppDataLocal{4C3F087A-0EED-4C7E-8883-736C0C3297A2}

    2012-09-10 01:59:07 -------- d-----w- C:UsersPapaAppDataLocal{DC69328E-E9A8-4F8F-927E-53CDF73A4653}

    2012-09-09 01:58:28 -------- d-----w- C:UsersPapaAppDataLocal{4942C072-CEDD-4134-9FED-70175DB7E13F}

    2012-09-08 13:58:03 -------- d-----w- C:UsersPapaAppDataLocal{4526F9E7-3A7C-4775-B894-1971604D56FB}

    2012-09-08 01:57:38 -------- d-----w- C:UsersPapaAppDataLocal{ACF2F96A-751D-4F58-9D2E-8927911835B9}

    2012-09-07 13:57:13 -------- d-----w- C:UsersPapaAppDataLocal{253B3B36-43FB-4392-A361-BF66F24C7B26}

    2012-09-07 01:56:48 -------- d-----w- C:UsersPapaAppDataLocal{E88D8004-A655-4C2A-8D8F-31B4E66F1C6C}

    2012-09-06 13:34:46 -------- d-----w- C:UsersPapaAppDataLocal{765699B6-41A4-47F9-80C1-BE1B1A2A8877}

    2012-09-06 01:34:21 -------- d-----w- C:UsersPapaAppDataLocal{035F0375-112A-4927-B66E-7BDDC38FA4F3}

    2012-09-05 01:27:43 -------- d-----w- C:UsersPapaAppDataLocal{FEAD323C-30F7-4705-B294-011939FCD00B}

    2012-09-04 13:27:19 -------- d-----w- C:UsersPapaAppDataLocal{EE42C8D2-4A60-4118-B1BA-270144B06B6F}

    2012-09-04 01:26:49 -------- d-----w- C:UsersPapaAppDataLocal{64B4AA6F-DE94-423B-AA3E-18D854D0B1BE}

    2012-09-04 01:17:15 -------- d-----w- C:UsersPapaMes fichiers reçus

    2012-09-02 00:56:31 -------- d-----w- C:UsersPapaAppDataLocal{C491865C-8626-4756-AA15-94FD0613E713}

    2012-09-01 12:56:06 -------- d-----w- C:UsersPapaAppDataLocal{B879FBCC-A8CB-4599-A268-2212BBBEE339}

    2012-09-01 00:55:36 -------- d-----w- C:UsersPapaAppDataLocal{4CA9856D-2009-4C70-B2AB-FBD0B9FF116E}

    2012-08-31 10:27:11 -------- d-----w- C:UsersPapaAppDataLocal{E0177A7B-B254-4BFA-8F3A-F6598948113C}

    2012-08-29 04:33:47 -------- d-----w- C:UsersPapaAppDataLocal{242CE880-66EF-4F46-88B1-318C52A0A75A}

    2012-08-28 16:33:22 -------- d-----w- C:UsersPapaAppDataLocal{273B0523-A4D7-4067-9F5C-692A3C09947D}

    2012-08-28 01:46:12 -------- d-----w- C:UsersPapaAppDataLocal{B8E8BD13-FEFF-46FC-A3D9-A29F5612F39A}

    2012-08-26 22:12:26 -------- d-----w- C:UsersPapaAppDataLocal{2B401CBB-2656-40ED-9C03-97B3397A56C1}

    2012-08-25 01:41:27 -------- d-----w- C:UsersPapaAppDataLocal{912EC5FB-DC4C-417E-A8A6-A16664F04707}

    2012-08-24 19:43:16 384352 ----a-w- C:WindowsSystem32driversavgtdia.sys

    2012-08-24 13:41:02 -------- d-----w- C:UsersPapaAppDataLocal{C317BD23-A3CF-4408-A4B7-CF6E739D3FE2}

    2012-08-24 01:40:37 -------- d-----w- C:UsersPapaAppDataLocal{775980D0-DF37-4A9E-8AA3-35CC7B860362}

    2012-08-23 12:40:46 -------- d-----w- C:UsersPapaAppDataLocal{D083C19B-467C-43CD-BCC8-FBEFC76149EC}

    2012-08-22 17:49:40 -------- d-----w- C:UsersPapaAppDataLocal{398B7A4E-08BA-453F-8338-1030277359F8}

    2012-08-22 01:33:25 -------- d-----w- C:UsersPapaAppDataLocal{0A817F48-1A0F-4F24-8C2D-325B4419AFC6}

    2012-08-21 00:41:14 -------- d-----w- C:UsersPapaAppDataLocal{0968E816-C6B5-493D-B793-9AEC0A6459A0}

    2012-08-20 12:40:49 -------- d-----w- C:UsersPapaAppDataLocal{BA5CE7CB-C403-4505-99D0-F68FA84F8B9B}

    2012-08-19 16:14:36 -------- d-----w- C:UsersPapaAppDataLocal{4A026A8F-1F99-4B7F-AA27-45A95F28C78D}

    2012-08-19 04:14:10 -------- d-----w- C:UsersPapaAppDataLocal{E6B12D4D-2021-42B2-93A7-77E00BF451F1}

    2012-08-18 15:56:16 -------- d-----w- C:Program Filesprogrutilisés

    2012-08-18 15:42:05 -------- d-----w- C:Program Files (x86)AMD APP

    2012-08-18 15:19:12 -------- d-----w- C:UsersPapaAppDataLocal{7A7212DE-991F-444D-9970-7F3725D98B7F}

    2012-08-18 15:19:00 -------- d-----w- C:UsersPapaAppDataLocal{FDC41350-C8A2-45CC-B9C0-38DA910F3002}

    2012-08-18 03:18:34 -------- d-----w- C:UsersPapaAppDataLocal{4416FB0C-FC13-46CE-A1CA-8C2D14744D75}

    2012-08-18 03:18:22 -------- d-----w- C:UsersPapaAppDataLocal{5E07D33B-D052-45D5-BE79-C3435D5825C3}

    2012-08-17 15:17:57 -------- d-----w- C:UsersPapaAppDataLocal{02CC49D4-2179-4A5C-929C-A096D3BC96D6}

    2012-08-17 03:17:33 -------- d-----w- C:UsersPapaAppDataLocal{7030F170-9DCE-43C9-87D4-30AC756F5335}

    2012-08-17 03:17:21 -------- d-----w- C:UsersPapaAppDataLocal{45AFBC88-813A-43CE-8F1F-1188107C9D23}

    2012-08-16 15:16:55 -------- d-----w- C:UsersPapaAppDataLocal{1D971F47-2595-47F9-A317-8572AE22E8D2}

    2012-08-16 15:16:43 -------- d-----w- C:UsersPapaAppDataLocal{3239C2F0-FF2F-4D32-9C77-4A7DE0C82C33}

    2012-08-16 03:16:18 -------- d-----w- C:UsersPapaAppDataLocal{02497438-BA48-41CA-81F7-C09802AA8BDE}

    2012-08-16 03:16:06 -------- d-----w- C:UsersPapaAppDataLocal{37B087BB-2EC4-4445-9E9E-6A925EF3E245}

    2012-08-15 15:15:40 -------- d-----w- C:UsersPapaAppDataLocal{874F3B1B-0C09-4EA5-B4E2-A3E8D3128C58}

    2012-08-15 15:15:27 -------- d-----w- C:UsersPapaAppDataLocal{29229140-5349-46A0-BD32-CF32F65DCEE8}

    2012-08-15 14:56:25 -------- d-----w- C:UsersPapaAppDataLocal{A756F21C-FD62-4BE3-AFE4-54AD32E9073E}

    2012-08-15 00:39:44 503808 ----a-w- C:WindowsSystem32srcore.dll

    2012-08-15 00:39:43 43008 ----a-w- C:WindowsSysWow64srclient.dll

    2012-08-15 00:32:12 751104 ----a-w- C:WindowsSystem32win32spl.dll

    2012-08-15 00:32:12 67072 ----a-w- C:Windowssplwow64.exe

    2012-08-15 00:32:12 559104 ----a-w- C:WindowsSystem32spoolsv.exe

    2012-08-15 00:32:12 492032 ----a-w- C:WindowsSysWow64win32spl.dll

    2012-08-15 00:26:55 59392 ----a-w- C:WindowsSystem32browcli.dll

    2012-08-15 00:26:55 41984 ----a-w- C:WindowsSysWow64browcli.dll

    2012-08-15 00:26:55 136704 ----a-w- C:WindowsSystem32browser.dll

    2012-08-15 00:26:26 3148800 ----a-w- C:WindowsSystem32win32k.sys

    2012-08-15 00:24:52 956928 ----a-w- C:WindowsSystem32localspl.dll

    2012-08-14 23:31:47 -------- d-----w- C:UsersPapaAppDataLocal{85EE8171-1A06-4B34-9D9B-1F082711B160}

    2012-08-14 11:31:22 -------- d-----w- C:UsersPapaAppDataLocal{58C20C59-A850-4463-858E-4C1EE895A962}

    2012-08-14 11:31:09 -------- d-----w- C:UsersPapaAppDataLocal{F2C67B72-6464-4473-B8D7-021837438F1C}

    2012-08-13 15:02:52 -------- d-----w- C:UsersPapaAppDataLocal{02E678B2-E580-4E9A-8472-E5ACC8A0EACD}

    2012-08-13 03:02:27 -------- d-----w- C:UsersPapaAppDataLocal{DFDF81B8-02D3-4988-A206-32BBED371D4B}

    2012-08-13 03:02:15 -------- d-----w- C:UsersPapaAppDataLocal{8986DB83-8088-47CA-A38A-98BA2367CE2E}

    2012-08-12 15:01:50 -------- d-----w- C:UsersPapaAppDataLocal{4918AB2D-70BE-4270-A8F5-9299BEBD5A39}

    2012-08-12 15:01:34 -------- d-----w- C:UsersPapaAppDataLocal{5ACFE5CF-E924-454B-AF23-56DED30F3558}

    2012-08-12 03:01:09 -------- d-----w- C:UsersPapaAppDataLocal{E91383BA-1422-4412-A10C-76DCD83F4AFE}

    2012-08-12 03:00:56 -------- d-----w- C:UsersPapaAppDataLocal{97406117-3F82-4575-8B93-F8D09EE89727}

    .
    ==================== Find3M ====================
    .
    2012-09-01 01:53:10 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-09-01 01:53:10 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-08-31 04:25:27 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-08-26 22:18:02 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-26 22:18:02 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
    2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-07-28 02:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-07-28 02:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-07-28 02:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-07-28 02:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-07-28 02:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-07-28 02:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-07-28 02:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-07-26 07:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-28 02:49:48 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-06-27 09:36:17 682280 ----a-w- C:\Windows\SysWow64\pbsvc.exe
    .
    ============= FINISH: 22:48:37,42 ===============

     

     

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Édition Intégrale
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2011-06-25 14:35:01
    System Uptime: 2012-09-10 21:24:30 (1 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M2N
    Processor: AMD Athlon 64 X2 Dual Core Processor 3800+ | CPU 1 | 2009/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 40,113 GiB free.
    D: is CDROM ()
    E: is CDROM (UDF)
    F: is FIXED (NTFS) - 289 GiB total, 185,295 GiB free.
    G: is FIXED (NTFS) - 10 GiB total, 9,454 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP146: 2012-09-04 23:11:58 - Point de contrôle planifié
    RP147: 2012-09-10 13:49:34 - Opération de restauration
    RP148: 2012-09-10 21:20:42 - Windows Update
    .
    ==== Installed Programs ======================
    .
    AC3Filter 1.63b
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    µTorrent
    Battlefield 2: Deluxe Edition
    Battlefield: Bad Company™ 2
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Call of Duty: World at War
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Company of Heroes
    Crossrider Web Apps
    D3DX10
    DivX Web Player
    DVD Shrink 3.2
    eReg
    Facebook Video Calling 1.2.0.159
    Fix-It
    Fix-It Utilities 11 Essentials
    InFlac 1.1.1
    Java Auto Updater
    Java 7 Update 5
    JavaFX 2.1.1
    Malwarebytes Anti-Malware version 1.61.0.1400
    Medal of Honor Allied Assault
    Medal of Honor Allied Assault Breakthrough
    Microsoft Corporation
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    NVIDIA ForceWare Network Access Manager
    OpenOffice.org 3.3
    PC Speed Maximizer v2.1
    PokerStars
    PunkBuster Services
    QuickTime
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
    Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
    Skype™ 5.10
    Steam
    TeamSpeak 3 Client
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VC80CRTRedist - 8.0.50727.6195
    Veetle TV 0.9.18
    Veoh Web Player
    Visual Studio 2008 x64 Redistributables
    Winamp
    Winamp Detector Plug-in
    Windows Live
    Windows Live Communications Platform
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.11 (32-bit)
    Xfire (remove only)
    .
    ==== End Of File ===========================


  12. i got a virus
    downloading with utorrent
    anyway
     
    since my AVG was unable to erase it
    i restored it twice but AVG kept getting it
    before i decided to run CCleaner, Malwarebytes and Fix-It Essentials
    restored a 3rd time and AVG finally got it
    but the damage is done
     
    when i start my pc
    i get this little window that says (though in french):
     
    run.dll
    problem at boot of
    C:\Users\Papa\AppData\Roaming\rlneug.dll
    specified module can't be found
     
    in AVG log i have those:
     
    "";"C:\Users\Papa\AppData\Roaming\spldic.dll";"Virus identifié Win32/Cryptor";"Déplacé en Quarantaine"
     
    and:
     
    "";"HKU\S-1-5-21-2944442811-1643744279-865445854-1000\Software\Microsoft\Windows\CurrentVersion\Run\spldic";"Clé de registre identifiée avec référence au fichier infecté C:\Users\Papa\AppData\Roaming\spldic.dll";"Déplacé en Quarantaine"
     
    so i downloaded HijackThis and ran it but i get a small window from HijackThis before i get the final log
    that says:
    For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this.
     
    If this happens, you need to edit the file yourself. To do this run notepad C:\Windows\System32\drivers\etc\hosts
    press enter, i don't have a run button, looking for it ??? i know !!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:50:26, on 2012-09-10
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16448)
    Boot mode: Normal
    Running processes:
    C:\Windows\vVX3000.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Papa\Downloads\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\Crossrider\WebApps\Crossrider.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Papa\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [rlneug] "C:\Windows\System32\rundll32.exe" "C:\Users\Papa\AppData\Roaming\rlneug.dll",set_sPLT
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: AvanquestWindowsMonitorService - Unknown owner - C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
    O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Fix-It Essentials Task Manager - Avanquest Software - C:\PROGRA~2\AVANQU~1\Fix-It\MxTask.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\x64\maconfservice.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    --
    End of file - 21467 bytes

     

     

    the virus was identified as Win32/Cryptor

     

    I'm ready to follow all instructions as well as to download and install anything necessary to repair my registry.

    Anyone who has time to help, please?

     

    thanks in advance

    see my profile to learn about my pc

    and let me know if you need more info

     

    f


  13. hey ourwilly :snooze:,

     

    I did what you asked with the system restore and it didn't work :pullhair: but it got stuck at the same place as before, so I thought that maybe if I erased the program where it stopped all the time, it would work, and it did :clap: so my Norton icon shows that it went through a whole scan, yeah!!! I even made my last attempt in regular mode (not safe mode) :rofl2:

     

    So what do you think? I mean, what are the results from all the scans we did?

    What are the reports telling you? I know it's me who should tell you if my PC is running well, and it does (I think) :rolleyes: rofl

     

    Don't you want a final scan of something, or is everything alright?

     

    I want to tell you how much I appreciated the zeal you put in this and how effective your work is,

     

    thank you very much

     

    forallbueaty

    :b33r::b33r::b33r::b33r::b33r::b33r::b33r::b33r::b33r::b33r::b33r::b33r:


  14. hello

    Me again. I upgraded Norton and tried a full scan; it went to 200 000 files and stopped, instead of the 45 000 where it used to. When it does this I can't stop the scan, and can't find it either in the Windows Task Manager; I have to shut down the PC using the power button, and a window opens saying ccap something is now shutting down..... What do you think? :h3lp:

     

    forallbueaty


  15. Hi

    Here it is, the new report with the temp files erased. Strangely, there are 2 cookies left??

    I wanted to ask you about the resident shield: should I activate it???? Will it slow down my PC, since I still have Norton on? PrevX was slowing down my game all the time; will it be the same with this????

     

    And those in quarantine, what's with them???

     

    forallbueaty

     

     

     

    AVG Anti-Spyware - Scan Report

    ---------------------------------------------------------

     

    + Created at: 5:16:10 PM 5/20/2007

     

    + Scan result:

     

     

     

    C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.

     

     

    ::Report end


  16. hi ourwilly,

     

    yesterday was :b33r::boxing::b33r: and this morning (afternoon) B) lol anyway

     

    I'm sending you the report from AVG. Do you recommend that I buy it and throw out my Norton anti-virus like everyone is telling me (I have the Internet Security pack)? Remember that I also tried Panda; do you recommend this one instead? I know it may not be your place to say, but I'm asking anyway; money is no object. What do you think? After I send you this I will upgrade with LiveUpdate, then try a full scan again; like I told you, it wasn't working. I have hopes (and I have hops) lol that, after all you have done, it may work again, cross my fingers. And I still have the PrevX program somewhere that I used previous to your recommendations; that wasn't bad either.

     

    I think AVG is not bad...

     

    And I have a few questions also:

    1- Did you find anything suspicious (duh?) What?

    2- What about that winnet.dll thing, was it alright?

     

    Oh, and also I didn't clean my temp files before the scan with AVG, so I will do it again and post another report. It took an hour to do; I'm doing it right now....

     

     

    B)B)B)B)B)B)B)B)

    forallbueaty

     

    ---------------------------------------------------------

    AVG Anti-Spyware - Scan Report

    ---------------------------------------------------------

     

    + Created at: 3:52:07 PM 5/20/2007

     

    + Scan result:

     

     

     

    HKU\S-1-5-21-1202660629-484061587-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).

    HKU\S-1-5-21-1202660629-484061587-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Real : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Real : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Realmedia : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.

    C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned.

     

     

    ::Report end


  17. Quote

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    quote

     

    hi ourwilly :clap:

     

    SmitFraudFix never asked me that line

     

    I may have taken too much of that hops, but it seems to be faster already B)

     

     

    That's the report (burp)

    SmitFraudFix v2.183

     

    Scan done at 14:28:00.29, Sat 05/19/2007

    Run from C:\Documents and Settings\Francois\Desktop\SmitfraudFix

    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

    The filesystem type is NTFS

    Fix run in safe mode

     

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

     

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

     

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

     

     

    127.0.0.1 localhost

     

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

     

    GenericRenosFix by S!Ri

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

     

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1

    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

    !!!Attention, following keys are not inevitably infected!!!

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    "System"=""

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

     

    Registry Cleaning done.

     

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

     

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» End

     

    and here's the HJT log

     

    Logfile of HijackThis v1.99.1

    Scan saved at 2:43:02 PM, on 5/19/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Razer\razerhid.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    C:\Program Files\Razer\razertra.exe

    C:\Program Files\Razer\razerofa.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\HJT\HijackThis.exe

     

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

     

    Here in Québec this Monday will be la fête de Dollard, who was a patriot, so lots of beer in sight rofl

     

    hops on me

     

    forallbueaty



  19. hello ourwilly :hammer:

    it's the weekend :b33r:

    we don't work :nono:

     

    here's my last SmitFraudFix log

     

    SmitFraudFix v2.183

     

    Scan done at 15:50:44.82, Fri 05/18/2007

    Run from C:\Documents and Settings\Francois\Desktop\SmitfraudFix

    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

    The filesystem type is NTFS

    Fix run in normal mode

     

    »»»»»»»»»»»»»»»»»»»»»»»» Process

     

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Razer\razerhid.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Razer\razertra.exe

    C:\Program Files\Razer\razerofa.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Windows Media Player\wmplayer.exe

    C:\Program Files\WinRAR\WinRAR.exe

    C:\WINDOWS\system32\cmd.exe

     

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Francois

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Francois\Application Data

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Francois\FAVORI~1

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

     

    C:\Program Files\Video ActiveX Object\ FOUND !

     

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

    "Source"="About:Home"

    "SubscribedURL"="About:Home"

    "FriendlyName"="My Current Home Page"

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

    !!!Attention, following keys are not inevitably infected!!!

     

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

    "{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

     

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

    !!!Attention, following keys are not inevitably infected!!!

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"=""

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

    !!!Attention, following keys are not inevitably infected!!!

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    "System"=""

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

     

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

     

    Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport

    DNS Server Search Order: 192.168.0.1

     

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1

    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1

    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1

    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» End

     

    :rofl2::laughing::rofl2::laughing::rofl2::laughing:


  20. hi ourwilly

    here's the latest HJT log

     

    Logfile of HijackThis v1.99.1

    Scan saved at 12:45:33 PM, on 5/16/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Razer\razerhid.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Program Files\Razer\razertra.exe

    C:\Program Files\Razer\razerofa.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\HJT\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meteomedia.com/Meteo/Villes/can...es/CAQC0768.htm

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
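
    Added example (editor's code, not part of the poster's thread and not part of HijackThis): a small Python triage parser for HijackThis 1.99.1 logs in the format posted above. It reduces each O-line to a file path or download URL and attaches an advisory remark. The caveat worth knowing before reading such a log by eye: HijackThis 1.99.1 is known to print a service whose ImagePath is quoted and carries arguments (the Symantec `ccSvcHst.exe" /h ccCommon` entries above) with the opening quote dropped and then flags it "(file missing)". That is a quirk of the tool's own parsing, not evidence that the file is absent, so the parser strips the stray quote and the arguments and marks the entry for manual verification instead of trusting the flag. The sample lines are constructed from the log above; the expansion of `%windir%` to `C:\WINDOWS` and the remark wording are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O23"
    label: str     # entry label as HJT prints it
    target: str    # normalised file path or download URL
    note: str      # triage remark (advisory; a human still decides)


LINE_RE = re.compile(r"^(O\d+) - (.*)$")
FILE_MISSING = "(file missing)"
WINDIR = r"C:\WINDOWS"   # assumption: default XP install, as in the log above


def normalise_path(raw: str) -> Tuple[str, Optional[str]]:
    """Reduce an HJT command-line / ImagePath field to the executable path.
    Three shapes occur in 1.99.1 logs: a quoted command line with switches,
    an unquoted command line, and the artifact where a quoted ImagePath is
    printed with its opening quote dropped (`...\\x.exe" /h ccCommon`)."""
    note: Optional[str] = None
    path = raw.strip()
    if path.endswith(FILE_MISSING):
        path = path[: -len(FILE_MISSING)].rstrip()
        note = "reported missing by HJT"
    artifact = re.match(r'^(?P<exe>[^"]+)"\s+(?P<args>.+)$', path)
    if artifact:
        path = artifact.group("exe")
        note = ("quoted-ImagePath artifact (HJT 1.99.1): check the file by hand "
                "before treating it as missing")
    elif path.startswith('"'):
        path = path.split('"')[1]          # quoted executable, drop switches
    else:
        cut = re.search(r"\.exe\b", path, re.IGNORECASE)
        if cut:                            # unquoted: cut after the .exe name
            path = path[: cut.end()]
    return path.replace("%windir%", WINDIR), note


def _fields(body: str) -> List[str]:
    # HJT joins label, CLSID/owner and path with " - "; a path may itself
    # contain " - ", so split at most twice.
    return [f.strip() for f in body.split(" - ", 2)]


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            # O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" -switch (Run keys only;
            # "Global Startup" .lnk lines have no [Name] and are skipped)
            run = re.match(r"^(?P<key>.*?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", body)
            if not run:
                continue
            target, note = normalise_path(run.group("cmd"))
            findings.append(Finding(section, run.group("name"), target,
                                    note or "autorun: confirm the vendor of this file"))
        elif section == "O16":
            # O16 - DPF: {CLSID} (Friendly name) - http://host/file.cab
            fields = _fields(body)
            url = fields[-1]
            host = urlparse(url).hostname or url
            findings.append(Finding(section, fields[0], url,
                                    f"ActiveX download from {host}: confirm it was installed deliberately"))
        elif section in {"O2", "O3", "O9", "O20", "O21", "O23"}:
            fields = _fields(body)
            if len(fields) < 2:
                continue
            target, note = normalise_path(fields[-1])
            remarks = [note] if note else []
            if "(no name)" in fields[0]:
                remarks.append("no display name: identify by CLSID or file")
            if len(fields) == 3 and fields[1] == "Unknown owner":
                remarks.append("unknown owner: verify the vendor or signature")
            findings.append(Finding(section, fields[0], target,
                                    "; ".join(remarks) or "no remark"))
    return findings


# Constructed sample, modelled on the HJT 1.99.1 log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.label[:44]:44} {f.target}\n      -> {f.note}")
```

    Run it against a saved log (`triage(open("hijackthis.log").read())`) and the remarks tell you which "(file missing)" entries are the quoting artifact and which (like the `%windir%` xpnetdiag button) HJT genuinely could not locate; neither is a verdict, and the Symantec services shown here are legitimate once the path is checked on disk.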


  21. Wow, ActiveScan seems to be very thorough, but as I expected it jammed at about the same place my Norton anti-virus did, that is at approx. 47,000 files checked, about a third of all my PC files, and it found 3 viruses and 4 others. Here's the report. I'm trying the scan again but don't put too much hope in it going further. You already have the SmitFraudFix report; I'm adding the Panda report and a new HJT log, OK?

     

    forallbueaty :cr@sh:

     

    Incident Status Location

     

    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Francois\Cookies\[email protected][1].txt

    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Francois\Desktop\ALLdownloads1st\déjàvu\SmitfraudFix.zip[smitfraudFix/Process.exe]

    Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Francois\Desktop\ALLdownloads1st\déjàvu\SmitfraudFix.zip[smitfraudFix/restart.exe]

    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Francois\Desktop\SmitfraudFix\SmitfraudFix\Process.exe

    Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Francois\Desktop\SmitfraudFix\SmitfraudFix\restart.exe

    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Francois\Desktop\SmitfraudFix.zip[smitfraudFix/Process.exe]

    Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Francois\Desktop\SmitfraudFix.zip[smitfraudFix/restart.exe]
