
forallbueaty
-
Content Count
44 -
Joined
-
Last visited
Posts posted by forallbueaty
-
-
hi,
This is my son's tablet
disk C says that the 136 GB are at fullest
i can't see no program installed
erased some cache
using windows defender
clean disk doesn't do much
tried to install AVG antivirus
but get a error message saying something like
download has stop
old saves are unfound
pc is in french plz be patient
at the moment im trying to copy paste
key root????
internet is working fine
thanks to all in advance
what files do you guys\gals need ?
how do i make room on disk 😄
and how much is 136 GB not 136 Go?
Système d’exploitation Microsoft Windows 7 Édition Intégrale
Version 6.1.7601 Service Pack 1 Build 7601
Informations supplémentaires Non disponible
Éditeur Microsoft Corporation
Ordinateur IBADET-PC
Fabricant Dell Inc.
Modèle Inspiron 1525
Type PC à base de x64
Processeur Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz, 1867 MHz, 2 cœur(s), 2 processeur(s) logique(s)
Version du BIOS/Date Dell Inc. A13, 6/27/2008
Version SMBIOS 2.4
Répertoire Windows C:\Windows
Répertoire système C:\Windows\system32
Périphérique de démarrage \Device\HarddiskVolume3
Option régionale United States
Couche d’abstraction matérielle Version = "6.1.7601.17514"
Utilisateur ibadet-PC\ibadet
Fuseaux horaires Est
Mémoire physique (RAM) installée 4.00 Go
Mémoire physique totale 3.99 Go
Mémoire physique disponible 2.46 Go
Mémoire virtuelle totale 7.98 Go
Mémoire virtuelle disponible 6.39 Go
Espace pour le fichier d’échange 3.99 Go
Fichier d’échange D:\pagefile.sys
fab
p-s: disk E: has 5 Go available
-
thanks to all
sometimes you have to read it to remember what you already know
i really appreciate you guys taking time to answer this
i think the print screen i used in the past was in my gaming program(mohaa)
and then in the default folder of that program
but again i really appreciate to read all the answers you gave me
and links
merci beaucoup
-
allo every one
im using a laptop lenovo L 512
win 7 professionnel
on my keyboard there is a Fonction key and multi keys with the matching colour so to use that fonction key
my Fkeys stop at F12
on the insert key there is a Im Éc printed i think it means print screen
so? simple question do you know where the print screen usually stores the printed screens i did???
also im using firefox is there any other way to print my screen whenever i want
thank you
-
hey tomk
thank you
i think every thing is in order now
i checked and yes the last restore point was made by combofix in the restore of config panel
is there a way to save this restore point say for a long period of time?
f
-
hey tomk dont go i was looking forward to these little chat
il be frank with you to this date im not totally sure you are a ligit part of Pcpitstop
( prbl. because i dt know what WTT teacher is nor what are the Trusted Malware Techs are?
i'm guessing groups under this forum),
but the download this and dowload that kept me scared, lol
i finally succeed in finding how to get the run button in my start menu
the guy that install my pc did it in french against my will
so by default windows sets everything in french,
moving from french to english and back to french is sometimes diff.
i understand every instructions you gave in your last post
but im wondering why you uninstall all the program you installed couldnt i keep them
i probably downloaded them in my downloads file anyway
and what about those i mentionned in my earlier posts
(CCleaner, malwarebytes, etc)
will it ask me to erase them as well ?
thank you for all you done to the pc
i ll make sure to read the info you gave
i have one question
i saw combofix did a restore point and i see youre saying it will use it
im wondering is the restore point i used and talked about in my beginning post be still good?
thank you very much
fv
-
here you go
thanks for everything again tomk
was pretty sure i send you this yesterday
seems not
have a good day
f
Farbar Service Scanner Version: 06-08-2012
Ran by Papa (administrator) on 16-09-2012 at 12:45:15
Running from "C:UsersPapaDownloads"
Microsoft Windows 7 Édition Intégrale Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:WindowsSystem32nsisvc.dll => MD5 is legit
C:WindowsSystem32driversnsiproxy.sys => MD5 is legit
C:WindowsSystem32driversafd.sys => MD5 is legit
C:WindowsSystem32driverstdx.sys => MD5 is legit
C:WindowsSystem32Driverstcpip.sys
[2012-09-11 19:07] - [2012-08-22 14:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC
C:WindowsSystem32dnsrslvr.dll => MD5 is legit
C:WindowsSystem32mpssvc.dll => MD5 is legit
C:WindowsSystem32bfe.dll => MD5 is legit
C:WindowsSystem32driversmpsdrv.sys => MD5 is legit
C:WindowsSystem32SDRSVC.dll => MD5 is legit
C:WindowsSystem32vssvc.exe => MD5 is legit
C:WindowsSystem32wscsvc.dll => MD5 is legit
C:WindowsSystem32wbemWMIsvc.dll => MD5 is legit
C:WindowsSystem32wuaueng.dll => MD5 is legit
C:WindowsSystem32qmgr.dll => MD5 is legit
C:WindowsSystem32es.dll => MD5 is legit
C:WindowsSystem32cryptsvc.dll => MD5 is legit
C:Program FilesWindows DefenderMpSvc.dll => MD5 is legit
C:WindowsSystem32ipnathlp.dll => MD5 is legit
C:WindowsSystem32svchost.exe => MD5 is legit
C:WindowsSystem32rpcss.dll => MD5 is legit
**** End of log ****
-
hey tomk
how strange i just received the Windows renewing of contract e-mail for the services ?)
i started the FSS
i dont have a "Include All Files" option
i have 8 ckboxes
2 first are already checked
RpcSs and Plugplay
Internet Services
Windows Firewall
Systèm Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
and there is a board to Search:
then 3 buttons
Scan, Search Files, Export Service
-
system failure trying to restore system successfully restored wow this one had me running for a sec.
when i tried to reopen iexplorer i had a message that my dll wasnt good did iwant to erase that
i said no and restart the pc
so here i am ...
and this is the combomix log:
ComboFix 12-09-14.03 - Papa 2012-09-14 18:32:33.2.2 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3977 [GMT -4:00]
Lancé depuis: c:usersPapaDesktopComboFix.exe
Commutateurs utilisés :: c:usersPapaDesktopCFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Une copie infectée de c:windowssystem32Services.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:windowserdntcache64services.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-08-14 au 2012-09-14 ))))))))))))))))))))))))))))))))))))
.
.
2012-09-14 22:39 . 2012-09-14 22:39 -------- d-----w- c:usersDefaultAppDataLocaltemp
2012-09-13 02:04 . 2012-09-13 02:04 -------- d-----w- c:program files (x86)ESET
2012-09-11 23:07 . 2012-08-22 18:12 1913200 ----a-w- c:windowssystem32driverstcpip.sys
2012-09-11 23:06 . 2012-08-22 18:12 376688 ----a-w- c:windowssystem32driversnetio.sys
2012-09-11 23:06 . 2012-08-22 18:12 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS
2012-09-11 22:59 . 2012-08-22 18:12 950128 ----a-w- c:windowssystem32driversndis.sys
2012-09-11 22:59 . 2012-07-04 20:26 41472 ----a-w- c:windowssystem32driversRNDISMP.sys
2012-09-11 22:57 . 2012-08-02 17:58 574464 ----a-w- c:windowssystem32d3d10level9.dll
2012-09-11 22:57 . 2012-08-02 16:57 490496 ----a-w- c:windowsSysWow64d3d10level9.dll
2012-09-07 16:19 . 2012-09-10 17:53 -------- d-----w- c:usersPapaAppDataRoamingDeepBurner
2012-09-04 01:17 . 2012-09-04 01:17 -------- d-----w- c:usersPapaMes fichiers reçus
2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:windowssystem32driversavgtdia.sys
2012-08-18 15:56 . 2012-08-18 15:57 -------- d-----w- c:program filesprogrutilisés
2012-08-18 15:42 . 2012-08-18 15:42 -------- d-----w- c:program files (x86)AMD APP
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 01:28 . 2011-06-27 04:07 64462936 ----a-w- c:windowssystem32MRT.exe
2012-09-01 01:53 . 2011-07-02 23:23 281152 ----a-w- c:windowsSysWow64PnkBstrB.xtr
2012-09-01 01:53 . 2011-06-26 23:56 281152 ----a-w- c:windowsSysWow64PnkBstrB.exe
2012-08-31 04:25 . 2011-06-26 23:56 281152 ----a-w- c:windowsSysWow64PnkBstrB.ex0
2012-08-26 22:18 . 2012-04-03 11:56 696520 ----a-w- c:windowsSysWow64FlashPlayerApp.exe
2012-08-26 22:18 . 2011-06-26 14:59 73416 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl
2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:windowsSysWow64atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:windowssystem32driversatikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:windowssystem32coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:windowssystem32atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:windowsSysWow64atioglxx.dll
2012-07-28 02:47 . 2012-07-28 02:47 187392 ----a-w- c:windowssystem32clinfo.exe
2012-07-28 02:47 . 2012-07-28 02:47 75776 ----a-w- c:windowssystem32OpenVideo64.dll
2012-07-28 02:47 . 2012-07-28 02:47 65024 ----a-w- c:windowsSysWow64OpenVideo.dll
2012-07-28 02:47 . 2012-07-28 02:47 63488 ----a-w- c:windowssystem32OVDecode64.dll
2012-07-28 02:47 . 2012-07-28 02:47 56320 ----a-w- c:windowsSysWow64OVDecode.dll
2012-07-28 02:46 . 2012-07-28 02:46 16464896 ----a-w- c:windowssystem32amdocl64.dll
2012-07-28 02:46 . 2012-07-28 02:46 13013504 ----a-w- c:windowsSysWow64amdocl.dll
2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:windowssystem32atiapfxx.exe
2012-07-28 02:15 . 2012-04-06 02:21 931328 ----a-w- c:windowsSysWow64aticfx32.dll
2012-07-28 02:13 . 2012-07-28 02:13 1100288 ----a-w- c:windowssystem32aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:windowssystem32ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:windowssystem32atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:windowssystem32atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:windowssystem32atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:windowssystem32atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:windowssystem32atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:windowsSysWow64ati2edxx.dll
2012-07-28 02:07 . 2012-04-06 02:13 6430208 ----a-w- c:windowsSysWow64atidxx32.dll
2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:windowssystem32atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:windowssystem32atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:windowssystem32aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:windowsSysWow64aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:windowssystem32aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:windowsSysWow64aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:windowssystem32aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:windowsSysWow64atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:windowsSysWow64aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:windowssystem32atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:windowssystem32atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:windowsSysWow64atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:windowssystem32atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:windowsSysWow64atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:windowssystem32atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:windowssystem32atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:windowsSysWow64atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:windowssystem32driversatikmpag.sys
2012-07-28 01:13 . 2012-07-28 01:13 129536 ----a-w- c:windowssystem32atiuxp64.dll
2012-07-28 01:13 . 2012-04-06 01:09 109568 ----a-w- c:windowsSysWow64atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:windowssystem32atiu9p64.dll
2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:windowsSysWow64atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:windowssystem32driversati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:windowssystem32atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:windowssystem32amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:windowsSysWow64atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:windowsSysWow64amdpcom32.dll
2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:windowssystem32driversavgldx64.sys
2012-07-18 18:15 . 2012-08-15 00:26 3148800 ----a-w- c:windowssystem32win32k.sys
2012-07-04 22:16 . 2012-08-15 00:26 73216 ----a-w- c:windowssystem32netapi32.dll
2012-07-04 22:13 . 2012-08-15 00:26 59392 ----a-w- c:windowssystem32browcli.dll
2012-07-04 22:13 . 2012-08-15 00:26 136704 ----a-w- c:windowssystem32browser.dll
2012-07-04 21:14 . 2012-08-15 00:26 41984 ----a-w- c:windowsSysWow64browcli.dll
2012-06-29 04:55 . 2012-08-15 14:59 17809920 ----a-w- c:windowssystem32mshtml.dll
2012-06-29 04:09 . 2012-08-15 14:59 10925568 ----a-w- c:windowssystem32ieframe.dll
2012-06-29 03:56 . 2012-08-15 14:59 2312704 ----a-w- c:windowssystem32jscript9.dll
2012-06-29 03:49 . 2012-08-15 14:59 1346048 ----a-w- c:windowssystem32urlmon.dll
2012-06-29 03:49 . 2012-08-15 14:59 1392128 ----a-w- c:windowssystem32wininet.dll
2012-06-29 03:48 . 2012-08-15 14:59 1494528 ----a-w- c:windowssystem32inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 14:59 237056 ----a-w- c:windowssystem32url.dll
2012-06-29 03:45 . 2012-08-15 14:59 85504 ----a-w- c:windowssystem32jsproxy.dll
2012-06-29 03:44 . 2012-08-15 14:59 816640 ----a-w- c:windowssystem32jscript.dll
2012-06-29 03:43 . 2012-08-15 14:59 173056 ----a-w- c:windowssystem32ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 14:59 2144768 ----a-w- c:windowssystem32iertutil.dll
2012-06-29 03:40 . 2012-08-15 14:59 96768 ----a-w- c:windowssystem32mshtmled.dll
2012-06-29 03:39 . 2012-08-15 14:59 2382848 ----a-w- c:windowssystem32mshtml.tlb
2012-06-29 03:35 . 2012-08-15 14:59 248320 ----a-w- c:windowssystem32ieui.dll
2012-06-29 00:16 . 2012-08-15 14:59 1800704 ----a-w- c:windowsSysWow64jscript9.dll
2012-06-29 00:09 . 2012-08-15 14:59 1129472 ----a-w- c:windowsSysWow64wininet.dll
2012-06-29 00:08 . 2012-08-15 14:59 1427968 ----a-w- c:windowsSysWow64inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 14:59 142848 ----a-w- c:windowsSysWow64ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 14:59 2382848 ----a-w- c:windowsSysWow64mshtml.tlb
2012-06-28 02:49 . 2011-06-26 23:56 76888 ----a-w- c:windowsSysWow64PnkBstrA.exe
2012-06-27 09:36 . 2012-06-27 09:36 682280 ----a-w- c:windowsSysWow64pbsvc.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:windowswinsxsamd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973user32.dll
[-] 2011-07-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:windowssystem32user32.dll
.
[-] 2011-07-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:windowsSysWOW64user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:windowswinsxswow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6euser32.dll
.
((((((((((((((((((((((((((((( [email protected]_02.33.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-09-11 01:25 32768 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2009-07-14 04:54 . 2012-09-13 22:52 32768 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2009-07-14 04:54 . 2012-09-13 22:52 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
- 2009-07-14 04:54 . 2012-09-11 01:25 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
- 2009-07-14 04:54 . 2012-09-11 01:25 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2009-07-14 04:54 . 2012-09-13 22:52 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2011-06-25 18:56 . 2012-09-14 22:44 51244 c:windowssystem32wdiShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-14 22:44 40986 c:windowssystem32wdiBootPerformanceDiagnostics_SystemData.bin
+ 2011-06-25 18:43 . 2012-09-14 22:44 18422 c:windowssystem32wdi{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-2944442811-1643744279-865445854-1000_UserData.bin
- 2011-06-25 18:33 . 2012-09-11 23:37 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2011-06-25 18:33 . 2012-09-14 22:21 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2011-06-25 18:33 . 2012-09-14 22:21 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
- 2011-06-25 18:33 . 2012-09-11 23:37 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
- 2009-07-14 04:54 . 2012-09-11 23:37 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2009-07-14 04:54 . 2012-09-14 22:21 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
+ 2012-09-14 22:42 . 2012-09-14 22:42 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
- 2012-09-12 02:32 . 2012-09-12 02:32 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat
+ 2012-09-14 22:42 . 2012-09-14 22:42 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
- 2012-09-12 02:32 . 2012-09-12 02:32 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat
+ 2009-07-14 05:01 . 2012-09-14 22:39 277220 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat
- 2009-07-14 05:01 . 2012-09-12 02:29 277220 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat
+ 2011-06-25 19:06 . 2012-09-14 22:39 1027896 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache3.0.0.0.dat
- 2011-06-25 19:06 . 2012-09-12 02:29 1027896 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache3.0.0.0.dat
+ 2011-06-26 09:47 . 2012-09-14 22:39 11370316 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-2944442811-1643744279-865445854-1000-8192.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Facebook Update"="c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2012-07-31 2596984]
"LifeCam"="c:program files (x86)Microsoft LifeCamLifeExp.exe" [2010-05-20 119152]
"WinampAgent"="c:program files (x86)Winampwinampa.exe" [2011-06-30 74752]
"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-01-17 252296]
"StartCCC"="c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2012-06-11 641704]
"Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-07-31 38872]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-26 250568]
R3 driverhardwarev2x64;driverhardwarev2x64;c:program filesma-config.comDriversdriverhardwarev2x64.sys [2011-07-21 16640]
R3 maconfservice;Ma-Config Service;c:program filesma-config.comx64maconfservice.exe [2011-11-25 427640]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x]
R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:windowssystem32WatWatAdminSvc.exe [2011-07-27 1255736]
S0 AVGIDSHA;AVGIDSHA;c:windowssystem32DRIVERSavgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [2012-08-24 384352]
S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:program filesATI TechnologiesATI.ACEFuelFuel.Service.exe [2012-06-11 361984]
S2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;c:program files (x86)AvanquestFix-ItAVQWinMonEngine.exe [2010-11-16 328704]
S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2012-02-14 193288]
S2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;c:progra~2AVANQU~1Fix-ItMxTask.exe [2010-11-16 882816]
S3 amdiox64;AMD IO Driver;c:windowssystem32DRIVERSamdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW76.sys [2012-05-14 96896]
S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSavgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSavgidsfiltera.sys [2011-12-23 29776]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-09-14 c:windowsTasksAdobe Flash Player Updater.job
- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-03 22:18]
.
2012-09-14 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000Core.job
- c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe [2012-02-15 22:11]
.
2012-09-14 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000UA.job
- c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe [2012-02-15 22:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"VX3000"="c:windowsvVX3000.exe" [2010-05-20 762736]
.
------- Examen supplémentaire -------
.
uLocal Page = c:windowssystem32blank.htm
uStart Page = hxxp://www.google.ca/ig
mLocal Page = c:windowsSysWOW64blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:progra~2AVANQU~1Fix-Itmxtask2.exe
c:windowsSysWOW64PnkBstrA.exe
.
**************************************************************************
.
Heure de fin: 2012-09-14 18:48:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-09-14 22:48
ComboFix2.txt 2012-09-12 02:55
.
Avant-CF: 41 512 349 696 octets libres
Après-CF: 41 286 852 608 octets libres
.
- - End Of File - - 4A798B35D11C6D5CE6012796FB4B3672
-
hey Tomk how are you
i dowloaded combofix again directly to the desktop
its the 1st time that i do that
do you have many application on your pc installed on the desktop?? lol
got a window though saying
smartscreen has detect combofix and think it could harm your pc:
i understand combofix cant run when my AVG is running
but its scary
is smartscreen a part of AVG, what do you think ?
f
-
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
probably the same, yes?
-
hey Tomk
how are you today?
i chked Kantaris its a media player
dont know where it comes from
maybe i use it when i look at movies on the net
i try to store my things in F:
so i have more place to run the programs
hope i didnt scrap my F:
heres the ESETSCAN.txt you asked
C:Program Files (x86)AvanquestFix-ItW32Int13.dll a variant of Win32/Kryptik.FNT trojan
C:Program Files (x86)PC Speed MaximizerPCSpeedMaximizer.exe a variant of Win32/SpeedingUpMyPC application
C:UsersPapaDownloadsnouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application
C:UsersPapaDownloadsnouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application
C:UsersPapaVideosAutoCAD LT 2009 x64AutoCAD LT 2009Keygen.exe a variant of Win32/Keygen.BT application
F:alain_driversKantaris_0.7.7_setup.exe Win32/OpenCandy application
F:alain_driverswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application
F:mesvieuyxnouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application
F:mesvieuyxnouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application
F:musiquenouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application
F:musiquenouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application
-
hi tomk,
i wont erase utorrent , i knew the risks,
but i wont start it til' you tell me that my pc is clean
you didnt say if you were to restore my registry
you said malware i have runned malwarebytes without finding
if you find some plz tell it to me so im up to date
are you going to use hijackthis or not after combo? and why?
i appreciated your help thank you
f
here the combofix log
hope everything is at your liking
ComboFix 12-09-11.02 - Papa 2012-09-11 22:18:34.1.2 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3996 [GMT -4:00]
Lancé depuis: c:usersPapaDownloadsComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:usersPapaAppDataLocalTempDIR
c:usersPapaAppDataLocalTempDIRGFInstallerAppName.txt
c:usersPapaAppDataLocalTempDIRGFInstallerChannel.txt
c:usersPapaAppDataLocalTempDIRGFInstallerDownloadURL.txt
c:usersPapaAppDataLocalTempDIRGFInstallerGFInstaller.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-08-12 au 2012-09-12 ))))))))))))))))))))))))))))))))))))
.
.
2012-09-11 23:07 . 2012-08-22 18:12 1913200 ----a-w- c:windowssystem32driverstcpip.sys
2012-09-11 23:06 . 2012-08-22 18:12 376688 ----a-w- c:windowssystem32driversnetio.sys
2012-09-11 23:06 . 2012-08-22 18:12 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS
2012-09-11 22:59 . 2012-08-22 18:12 950128 ----a-w- c:windowssystem32driversndis.sys
2012-09-11 22:59 . 2012-07-04 20:26 41472 ----a-w- c:windowssystem32driversRNDISMP.sys
2012-09-11 22:57 . 2012-08-02 17:58 574464 ----a-w- c:windowssystem32d3d10level9.dll
2012-09-11 22:57 . 2012-08-02 16:57 490496 ----a-w- c:windowsSysWow64d3d10level9.dll
2012-09-07 16:19 . 2012-09-10 17:53 -------- d-----w- c:usersPapaAppDataRoamingDeepBurner
2012-09-04 01:17 . 2012-09-04 01:17 -------- d-----w- c:usersPapaMes fichiers reçus
2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:windowssystem32driversavgtdia.sys
2012-08-18 15:56 . 2012-08-18 15:57 -------- d-----w- c:program filesprogrutilisés
2012-08-18 15:42 . 2012-08-18 15:42 -------- d-----w- c:program files (x86)AMD APP
2012-08-15 00:39 . 2012-05-05 08:36 503808 ----a-w- c:windowssystem32srcore.dll
2012-08-15 00:39 . 2012-05-05 07:46 43008 ----a-w- c:windowsSysWow64srclient.dll
2012-08-15 00:32 . 2012-02-11 06:43 751104 ----a-w- c:windowssystem32win32spl.dll
2012-08-15 00:32 . 2012-02-11 06:36 559104 ----a-w- c:windowssystem32spoolsv.exe
2012-08-15 00:32 . 2012-02-11 06:36 67072 ----a-w- c:windowssplwow64.exe
2012-08-15 00:32 . 2012-02-11 05:43 492032 ----a-w- c:windowsSysWow64win32spl.dll
2012-08-15 00:26 . 2012-07-04 22:16 73216 ----a-w- c:windowssystem32netapi32.dll
2012-08-15 00:26 . 2012-07-04 22:13 59392 ----a-w- c:windowssystem32browcli.dll
2012-08-15 00:26 . 2012-07-04 22:13 136704 ----a-w- c:windowssystem32browser.dll
2012-08-15 00:26 . 2012-07-04 21:14 41984 ----a-w- c:windowsSysWow64browcli.dll
2012-08-15 00:26 . 2012-07-18 18:15 3148800 ----a-w- c:windowssystem32win32k.sys
2012-08-15 00:24 . 2012-05-14 05:26 956928 ----a-w- c:windowssystem32localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 01:28 . 2011-06-27 04:07 64462936 ----a-w- c:windowssystem32MRT.exe
2012-09-01 01:53 . 2011-07-02 23:23 281152 ----a-w- c:windowsSysWow64PnkBstrB.xtr
2012-09-01 01:53 . 2011-06-26 23:56 281152 ----a-w- c:windowsSysWow64PnkBstrB.exe
2012-08-31 04:25 . 2011-06-26 23:56 281152 ----a-w- c:windowsSysWow64PnkBstrB.ex0
2012-08-26 22:18 . 2012-04-03 11:56 696520 ----a-w- c:windowsSysWow64FlashPlayerApp.exe
2012-08-26 22:18 . 2011-06-26 14:59 73416 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl
2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:windowsSysWow64atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:windowssystem32driversatikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:windowssystem32coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:windowssystem32atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:windowsSysWow64atioglxx.dll
2012-07-28 02:47 . 2012-07-28 02:47 187392 ----a-w- c:windowssystem32clinfo.exe
2012-07-28 02:47 . 2012-07-28 02:47 75776 ----a-w- c:windowssystem32OpenVideo64.dll
2012-07-28 02:47 . 2012-07-28 02:47 65024 ----a-w- c:windowsSysWow64OpenVideo.dll
2012-07-28 02:47 . 2012-07-28 02:47 63488 ----a-w- c:windowssystem32OVDecode64.dll
2012-07-28 02:47 . 2012-07-28 02:47 56320 ----a-w- c:windowsSysWow64OVDecode.dll
2012-07-28 02:46 . 2012-07-28 02:46 16464896 ----a-w- c:windowssystem32amdocl64.dll
2012-07-28 02:46 . 2012-07-28 02:46 13013504 ----a-w- c:windowsSysWow64amdocl.dll
2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:windowssystem32atiapfxx.exe
2012-07-28 02:15 . 2012-04-06 02:21 931328 ----a-w- c:windowsSysWow64aticfx32.dll
2012-07-28 02:13 . 2012-07-28 02:13 1100288 ----a-w- c:windowssystem32aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:windowssystem32ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:windowssystem32atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:windowssystem32atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:windowssystem32atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:windowssystem32atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:windowssystem32atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:windowsSysWow64ati2edxx.dll
2012-07-28 02:07 . 2012-04-06 02:13 6430208 ----a-w- c:windowsSysWow64atidxx32.dll
2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:windowssystem32atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:windowssystem32atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:windowssystem32aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:windowsSysWow64aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:windowssystem32aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:windowsSysWow64aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:windowssystem32aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:windowsSysWow64atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:windowsSysWow64aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:windowssystem32atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:windowssystem32atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:windowsSysWow64atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:windowssystem32atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:windowsSysWow64atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:windowssystem32atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:windowssystem32atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:windowsSysWow64atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:windowssystem32driversatikmpag.sys
2012-07-28 01:13 . 2012-07-28 01:13 129536 ----a-w- c:windowssystem32atiuxp64.dll
2012-07-28 01:13 . 2012-04-06 01:09 109568 ----a-w- c:windowsSysWow64atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:windowssystem32atiu9p64.dll
2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:windowsSysWow64atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:windowssystem32driversati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:windowssystem32atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:windowssystem32amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:windowsSysWow64atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:windowsSysWow64amdpcom32.dll
2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:windowssystem32driversavgldx64.sys
2012-06-28 02:49 . 2011-06-26 23:56 76888 ----a-w- c:windowsSysWow64PnkBstrA.exe
2012-06-27 09:36 . 2012-06-27 09:36 682280 ----a-w- c:windowsSysWow64pbsvc.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:windowswinsxsamd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973user32.dll
[-] 2011-07-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:windowssystem32user32.dll
.
[-] 2011-07-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:windowsSysWOW64user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:windowswinsxswow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6euser32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Facebook Update"="c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2012-07-31 2596984]
"LifeCam"="c:program files (x86)Microsoft LifeCamLifeExp.exe" [2010-05-20 119152]
"WinampAgent"="c:program files (x86)Winampwinampa.exe" [2011-06-30 74752]
"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-01-17 252296]
"StartCCC"="c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2012-06-11 641704]
"Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-07-31 38872]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-26 250568]
R3 driverhardwarev2x64;driverhardwarev2x64;c:program filesma-config.comDriversdriverhardwarev2x64.sys [2011-07-21 16640]
R3 maconfservice;Ma-Config Service;c:program filesma-config.comx64maconfservice.exe [2011-11-25 427640]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x]
R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:windowssystem32WatWatAdminSvc.exe [2011-07-27 1255736]
S0 AVGIDSHA;AVGIDSHA;c:windowssystem32DRIVERSavgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [2012-08-24 384352]
S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:program filesATI TechnologiesATI.ACEFuelFuel.Service.exe [2012-06-11 361984]
S2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;c:program files (x86)AvanquestFix-ItAVQWinMonEngine.exe [2010-11-16 328704]
S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2012-02-14 193288]
S2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;c:progra~2AVANQU~1Fix-ItMxTask.exe [2010-11-16 882816]
S3 amdiox64;AMD IO Driver;c:windowssystem32DRIVERSamdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW76.sys [2012-05-14 96896]
S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSavgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSavgidsfiltera.sys [2011-12-23 29776]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
Contenu du dossier 'Tâches planifiées'
.
2012-09-12 c:windowsTasksAdobe Flash Player Updater.job
- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-03 22:18]
.
2012-09-11 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000Core.job
- c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe [2012-02-15 22:11]
.
2012-09-12 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000UA.job
- c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe [2012-02-15 22:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"VX3000"="c:windowsvVX3000.exe" [2010-05-20 762736]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:windowssystem32blank.htm
uStart Page = hxxp://www.google.ca/ig
mLocal Page = c:windowsSysWOW64blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-rlneug - c:usersPapaAppDataRoamingrlneug.dll
AddRemove-PunkBusterSvc - c:windowssystem32pbsvc.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:windowsSysWOW64PnkBstrA.exe
c:progra~2AVANQU~1Fix-Itmxtask2.exe
.
**************************************************************************
.
Heure de fin: 2012-09-11 22:55:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-09-12 02:55
.
Avant-CF: 42 208 088 064 octets libres
Après-CF: 41 588 035 584 octets libres
.
- - End Of File - - 886C9F6A01008AFFDEE13E0CF91CE62E
-
i runned the hijackthis.exe with administrator rights and obtained this :
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:04:24, on 2012-09-11
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:WindowsvVX3000.exe
C:Program Files (x86)AVGAVG2012avgtray.exe
C:Program Files (x86)Winampwinampa.exe
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
C:Program Files (x86)Windows LiveMessengermsnmsgr.exe
C:Program Files (x86)Windows LiveContactswlcomm.exe
C:Program Files (x86)Internet ExplorerIELowutil.exe
C:UsersPapaDownloadsHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ca/ig
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:Program Files (x86)AVGAVG2012avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:Program Files (x86)CrossriderWebAppsCrossrider.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll
O4 - HKLM..Run: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"
O4 - HKLM..Run: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe"
O4 - HKLM..Run: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe"
O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"
O4 - HKLM..Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"
O4 - HKCU..Run: [Facebook Update] "C:UsersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" /c /nocrashserver
O4 - HKCU..Run: [rlneug] "C:WindowsSystem32rundll32.exe" "C:UsersPapaAppDataRoamingrlneug.dll",set_sPLT
O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'SERVICE RÉSEAU')
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:Program Files (x86)AVGAVG2012avgdtiex.dll
O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll
O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%system32aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:Windowssystem32atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Unknown owner - C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe
O23 - Service: @%systemroot%system32appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32appinfo.dll,-100 (Appinfo) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: AvanquestWindowsMonitorService - Unknown owner - C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012avgwdsvc.exe
O23 - Service: @%SystemRoot%system32AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32bdesvc.dll,-100 (BDESVC) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32qmgr.dll,-1000 (BITS) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32browser.dll,-100 (Browser) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32bthserv.dll,-101 (bthserv) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32certprop.dll,-11 (CertPropSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32cscsvc.dll,-200 (CscService) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32defragsvc.dll,-101 (defragsvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32dnsapi.dll,-101 (Dnscache) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32dps.dll,-500 (DPS) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32eapsvc.dll,-1 (EapHost) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%ehomeehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:WindowsehomeehRecvr.exe
O23 - Service: @%SystemRoot%ehomeehsched.exe,-101 (ehSched) - Unknown owner - C:Windowsehomeehsched.exe
O23 - Service: @%SystemRoot%system32wevtsvc.dll,-200 (eventlog) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)
O23 - Service: @%systemroot%system32fdPHost.dll,-100 (fdPHost) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32fdrespub.dll,-100 (FDResPub) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: Fix-It Essentials Task Manager - Avanquest Software - C:PROGRA~2AVANQU~1Fix-ItMxTask.exe
O23 - Service: @%systemroot%system32FntCache.dll,-100 (FontCache) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32hidserv.dll,-101 (hidserv) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32ikeext.dll,-501 (IKEEXT) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32lltdres.dll,-1 (lltdsvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:Program Filesma-config.comx64maconfservice.exe
O23 - Service: @%systemroot%system32mmcss.dll,-100 (MMCSS) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%system32iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32msimsg.dll,-27 (msiserver) - Unknown owner - C:Windowssystem32msiexec.exe
O23 - Service: @%SystemRoot%system32qagentrt.dll,-6 (napagent) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32netman.dll,-109 (Netman) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32netprofm.dll,-202 (netprofm) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32nsisvc.dll,-200 (nsi) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe
O23 - Service: @%SystemRoot%system32pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%sysWow64perfhost.exe,-2 (PerfHost) - Unknown owner - C:WindowsSysWow64perfhost.exe
O23 - Service: @%systemroot%system32pla.dll,-500 (pla) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:Windowssystem32PnkBstrA.exe
O23 - Service: @%SystemRoot%system32pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32umpo.dll,-100 (Power) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32profsvc.dll,-300 (ProfSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32qwave.dll,-1 (QWAVE) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%Systemroot%system32rasauto.dll,-200 (RasAuto) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%Systemroot%system32rasmans.dll,-200 (RasMan) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%windir%system32RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%System32SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32schedsvc.dll,-100 (Schedule) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32seclogon.dll,-7001 (seclogon) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32Sens.dll,-200 (SENS) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program Files (x86)SkypeUpdaterUpdater.exe
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%system32sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe
O23 - Service: @%SystemRoot%system32wiaservc.dll,-9 (stisvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32swprv.dll,-103 (swprv) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32tbssvc.dll,-100 (TBS) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32termsrv.dll,-268 (TermService) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32themeservice.dll,-8192 (Themes) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32mmcss.dll,-102 (THREADORDER) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32trkwks.dll,-1 (TrkWks) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%servicingTrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:WindowsservicingTrustedInstaller.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32upnphost.dll,-213 (upnphost) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%SystemRoot%system32w32time.dll,-200 (W32Time) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)
O23 - Service: @%systemroot%system32wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32webclnt.dll,-100 (WebClient) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32wersvc.dll,-100 (WerSvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%Systemroot%system32wbemwmisvc.dll,-205 (Winmgmt) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%system32wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:Windowssystem32SearchIndexer.exe
O23 - Service: @%systemroot%system32wuaueng.dll,-105 (wuauserv) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:Windowssystem32svchost.exe
--
End of file - 21711 bytes
-
as instructed those are the dds log and the attach.txt
thanks
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Papa at 22:47:39 on 2012-09-10
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3775 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:PROGRA~2AVGAVG2012avgrsa.exe
C:Program Files (x86)AVGAVG2012avgcsrva.exe
C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32svchost.exe -k RPCSS
C:Windowssystem32atiesrxx.exe
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:Windowssystem32svchost.exe -k LocalService
C:Windowssystem32atieclxx.exe
C:Windowssystem32svchost.exe -k NetworkService
C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe
C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe
C:Program Files (x86)AVGAVG2012avgwdsvc.exe
C:WindowsSystem32svchost.exe -k LocalServiceNoNetwork
C:PROGRA~2AVANQU~1Fix-ItMxTask.exe
C:Windowssystem32taskhost.exe
C:WindowsExplorer.EXE
C:Program FilesMicrosoft LifeCamMSCamS64.exe
C:PROGRA~2AVANQU~1Fix-Itmxtask2.exe
C:WindowsSysWOW64PnkBstrA.exe
C:Windowssystem32svchost.exe -k imgsvc
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe
C:WindowsvVX3000.exe
C:WindowsSystem32rundll32.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe
C:Program Files (x86)AVGAVG2012avgtray.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
C:Program Files (x86)Winampwinampa.exe
C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe
C:Program Files (x86)AVGAVG2012avgnsa.exe
C:Program Files (x86)AVGAVG2012avgemca.exe
C:Windowssystem32SearchIndexer.exe
C:Program FilesWindows Media Playerwmpnetwk.exe
C:Program Files (x86)Windows LiveMessengermsnmsgr.exe
C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe
C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation
C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe
C:Program Files (x86)AVGAVG2012avgui.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe
C:Program Files (x86)Windows LiveContactswlcomm.exe
C:UsersPapaDownloadsHijackThis.exe
C:Windowssystem32SearchProtocolHost.exe
C:Windowssystem32SearchFilterHost.exe
C:Windowssystem32DllHost.exe
C:Windowssystem32DllHost.exe
C:WindowsSysWOW64cmd.exe
C:Windowssystem32conhost.exe
C:WindowsSysWOW64cscript.exe
C:Windowssystem32wbemwmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/ig
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:Program Files (x86)AVGAVG2012avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:Program Files (x86)AVGAVG2012avgssie.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - C:Program Files (x86)CrossriderWebAppsCrossrider.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll
uRun: [Facebook Update] "C:UsersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" /c /nocrashserver
uRun: [rlneug] "C:WindowsSystem32rundll32.exe" "C:UsersPapaAppDataRoamingrlneug.dll",set_sPLT
mRun: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"
mRun: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe"
mRun: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe"
mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml
mRun: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
mRun: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:Program Files (x86)AVGAVG2012avgdtiex.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces{185D1B80-94AD-44E6-B843-6228F67257D8} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{A876E312-7D08-401a-B7A6-FAFC5DC2F292}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"
mRun-x64: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe"
mRun-x64: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe"
mRun-x64: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml
mRun-x64: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
mRun-x64: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:Windowssystem32DRIVERSavgidsha.sys --> C:Windowssystem32DRIVERSavgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:Windowssystem32DRIVERSavgrkx64.sys --> C:Windowssystem32DRIVERSavgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:Windowssystem32DRIVERSavgldx64.sys --> C:Windowssystem32DRIVERSavgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:Windowssystem32DRIVERSavgmfx64.sys --> C:Windowssystem32DRIVERSavgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:Windowssystem32DRIVERSavgtdia.sys --> C:Windowssystem32DRIVERSavgtdia.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:Windowssystem32atiesrxx.exe --> C:Windowssystem32atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe [2012-6-11 361984]
R2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe [2012-5-9 328704]
R2 AVGIDSAgent;AVGIDSAgent;C:Program Files (x86)AVGAVG2012avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:Program Files (x86)AVGAVG2012avgwdsvc.exe [2012-2-14 193288]
R2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;C:PROGRA~2AVANQU~1Fix-ItMxTask.exe -Service --> C:PROGRA~2AVANQU~1Fix-ItMxTask.exe -Service [?]
R3 amdiox64;AMD IO Driver;C:Windowssystem32DRIVERSamdiox64.sys --> C:Windowssystem32DRIVERSamdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:Windowssystem32DRIVERSatikmdag.sys --> C:Windowssystem32DRIVERSatikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:Windowssystem32DRIVERSatikmpag.sys --> C:Windowssystem32DRIVERSatikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:Windowssystem32driversAtihdW76.sys --> C:Windowssystem32driversAtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:Windowssystem32DRIVERSavgidsdrivera.sys --> C:Windowssystem32DRIVERSavgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:Windowssystem32DRIVERSavgidsfiltera.sys --> C:Windowssystem32DRIVERSavgidsfiltera.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-4-3 250568]
S3 driverhardwarev2x64;driverhardwarev2x64;C:Program Filesma-config.comDriversdriverhardwarev2x64.sys [2011-7-21 16640]
S3 maconfservice;Ma-Config Service;C:Program Filesma-config.comx64maconfservice.exe [2011-11-25 427640]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:Windowssystem32driversrdpvideominiport.sys --> C:Windowssystem32driversrdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:Windowssystem32driverstsusbflt.sys --> C:Windowssystem32driverstsusbflt.sys [?]
S3 WatAdminSvc;Service Windows Activation Technologies;C:Windowssystem32WatWatAdminSvc.exe --> C:Windowssystem32WatWatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-10 20:18:00 -------- d-----w- C:UsersPapaAppDataLocal{85E30EAB-4B4D-455A-860C-DF5152305EAA}
2012-09-10 18:28:14 -------- d-----w- C:UsersPapaAppDataLocal{4C3F087A-0EED-4C7E-8883-736C0C3297A2}
2012-09-10 01:59:07 -------- d-----w- C:UsersPapaAppDataLocal{DC69328E-E9A8-4F8F-927E-53CDF73A4653}
2012-09-09 01:58:28 -------- d-----w- C:UsersPapaAppDataLocal{4942C072-CEDD-4134-9FED-70175DB7E13F}
2012-09-08 13:58:03 -------- d-----w- C:UsersPapaAppDataLocal{4526F9E7-3A7C-4775-B894-1971604D56FB}
2012-09-08 01:57:38 -------- d-----w- C:UsersPapaAppDataLocal{ACF2F96A-751D-4F58-9D2E-8927911835B9}
2012-09-07 13:57:13 -------- d-----w- C:UsersPapaAppDataLocal{253B3B36-43FB-4392-A361-BF66F24C7B26}
2012-09-07 01:56:48 -------- d-----w- C:UsersPapaAppDataLocal{E88D8004-A655-4C2A-8D8F-31B4E66F1C6C}
2012-09-06 13:34:46 -------- d-----w- C:UsersPapaAppDataLocal{765699B6-41A4-47F9-80C1-BE1B1A2A8877}
2012-09-06 01:34:21 -------- d-----w- C:UsersPapaAppDataLocal{035F0375-112A-4927-B66E-7BDDC38FA4F3}
2012-09-05 01:27:43 -------- d-----w- C:UsersPapaAppDataLocal{FEAD323C-30F7-4705-B294-011939FCD00B}
2012-09-04 13:27:19 -------- d-----w- C:UsersPapaAppDataLocal{EE42C8D2-4A60-4118-B1BA-270144B06B6F}
2012-09-04 01:26:49 -------- d-----w- C:UsersPapaAppDataLocal{64B4AA6F-DE94-423B-AA3E-18D854D0B1BE}
2012-09-04 01:17:15 -------- d-----w- C:UsersPapaMes fichiers reçus
2012-09-02 00:56:31 -------- d-----w- C:UsersPapaAppDataLocal{C491865C-8626-4756-AA15-94FD0613E713}
2012-09-01 12:56:06 -------- d-----w- C:UsersPapaAppDataLocal{B879FBCC-A8CB-4599-A268-2212BBBEE339}
2012-09-01 00:55:36 -------- d-----w- C:UsersPapaAppDataLocal{4CA9856D-2009-4C70-B2AB-FBD0B9FF116E}
2012-08-31 10:27:11 -------- d-----w- C:UsersPapaAppDataLocal{E0177A7B-B254-4BFA-8F3A-F6598948113C}
2012-08-29 04:33:47 -------- d-----w- C:UsersPapaAppDataLocal{242CE880-66EF-4F46-88B1-318C52A0A75A}
2012-08-28 16:33:22 -------- d-----w- C:UsersPapaAppDataLocal{273B0523-A4D7-4067-9F5C-692A3C09947D}
2012-08-28 01:46:12 -------- d-----w- C:UsersPapaAppDataLocal{B8E8BD13-FEFF-46FC-A3D9-A29F5612F39A}
2012-08-26 22:12:26 -------- d-----w- C:UsersPapaAppDataLocal{2B401CBB-2656-40ED-9C03-97B3397A56C1}
2012-08-25 01:41:27 -------- d-----w- C:UsersPapaAppDataLocal{912EC5FB-DC4C-417E-A8A6-A16664F04707}
2012-08-24 19:43:16 384352 ----a-w- C:WindowsSystem32driversavgtdia.sys
2012-08-24 13:41:02 -------- d-----w- C:UsersPapaAppDataLocal{C317BD23-A3CF-4408-A4B7-CF6E739D3FE2}
2012-08-24 01:40:37 -------- d-----w- C:UsersPapaAppDataLocal{775980D0-DF37-4A9E-8AA3-35CC7B860362}
2012-08-23 12:40:46 -------- d-----w- C:UsersPapaAppDataLocal{D083C19B-467C-43CD-BCC8-FBEFC76149EC}
2012-08-22 17:49:40 -------- d-----w- C:UsersPapaAppDataLocal{398B7A4E-08BA-453F-8338-1030277359F8}
2012-08-22 01:33:25 -------- d-----w- C:UsersPapaAppDataLocal{0A817F48-1A0F-4F24-8C2D-325B4419AFC6}
2012-08-21 00:41:14 -------- d-----w- C:UsersPapaAppDataLocal{0968E816-C6B5-493D-B793-9AEC0A6459A0}
2012-08-20 12:40:49 -------- d-----w- C:UsersPapaAppDataLocal{BA5CE7CB-C403-4505-99D0-F68FA84F8B9B}
2012-08-19 16:14:36 -------- d-----w- C:UsersPapaAppDataLocal{4A026A8F-1F99-4B7F-AA27-45A95F28C78D}
2012-08-19 04:14:10 -------- d-----w- C:UsersPapaAppDataLocal{E6B12D4D-2021-42B2-93A7-77E00BF451F1}
2012-08-18 15:56:16 -------- d-----w- C:Program Filesprogrutilisés
2012-08-18 15:42:05 -------- d-----w- C:Program Files (x86)AMD APP
2012-08-18 15:19:12 -------- d-----w- C:UsersPapaAppDataLocal{7A7212DE-991F-444D-9970-7F3725D98B7F}
2012-08-18 15:19:00 -------- d-----w- C:UsersPapaAppDataLocal{FDC41350-C8A2-45CC-B9C0-38DA910F3002}
2012-08-18 03:18:34 -------- d-----w- C:UsersPapaAppDataLocal{4416FB0C-FC13-46CE-A1CA-8C2D14744D75}
2012-08-18 03:18:22 -------- d-----w- C:UsersPapaAppDataLocal{5E07D33B-D052-45D5-BE79-C3435D5825C3}
2012-08-17 15:17:57 -------- d-----w- C:UsersPapaAppDataLocal{02CC49D4-2179-4A5C-929C-A096D3BC96D6}
2012-08-17 03:17:33 -------- d-----w- C:UsersPapaAppDataLocal{7030F170-9DCE-43C9-87D4-30AC756F5335}
2012-08-17 03:17:21 -------- d-----w- C:UsersPapaAppDataLocal{45AFBC88-813A-43CE-8F1F-1188107C9D23}
2012-08-16 15:16:55 -------- d-----w- C:UsersPapaAppDataLocal{1D971F47-2595-47F9-A317-8572AE22E8D2}
2012-08-16 15:16:43 -------- d-----w- C:UsersPapaAppDataLocal{3239C2F0-FF2F-4D32-9C77-4A7DE0C82C33}
2012-08-16 03:16:18 -------- d-----w- C:UsersPapaAppDataLocal{02497438-BA48-41CA-81F7-C09802AA8BDE}
2012-08-16 03:16:06 -------- d-----w- C:UsersPapaAppDataLocal{37B087BB-2EC4-4445-9E9E-6A925EF3E245}
2012-08-15 15:15:40 -------- d-----w- C:UsersPapaAppDataLocal{874F3B1B-0C09-4EA5-B4E2-A3E8D3128C58}
2012-08-15 15:15:27 -------- d-----w- C:UsersPapaAppDataLocal{29229140-5349-46A0-BD32-CF32F65DCEE8}
2012-08-15 14:56:25 -------- d-----w- C:UsersPapaAppDataLocal{A756F21C-FD62-4BE3-AFE4-54AD32E9073E}
2012-08-15 00:39:44 503808 ----a-w- C:WindowsSystem32srcore.dll
2012-08-15 00:39:43 43008 ----a-w- C:WindowsSysWow64srclient.dll
2012-08-15 00:32:12 751104 ----a-w- C:WindowsSystem32win32spl.dll
2012-08-15 00:32:12 67072 ----a-w- C:Windowssplwow64.exe
2012-08-15 00:32:12 559104 ----a-w- C:WindowsSystem32spoolsv.exe
2012-08-15 00:32:12 492032 ----a-w- C:WindowsSysWow64win32spl.dll
2012-08-15 00:26:55 59392 ----a-w- C:WindowsSystem32browcli.dll
2012-08-15 00:26:55 41984 ----a-w- C:WindowsSysWow64browcli.dll
2012-08-15 00:26:55 136704 ----a-w- C:WindowsSystem32browser.dll
2012-08-15 00:26:26 3148800 ----a-w- C:WindowsSystem32win32k.sys
2012-08-15 00:24:52 956928 ----a-w- C:WindowsSystem32localspl.dll
2012-08-14 23:31:47 -------- d-----w- C:UsersPapaAppDataLocal{85EE8171-1A06-4B34-9D9B-1F082711B160}
2012-08-14 11:31:22 -------- d-----w- C:UsersPapaAppDataLocal{58C20C59-A850-4463-858E-4C1EE895A962}
2012-08-14 11:31:09 -------- d-----w- C:UsersPapaAppDataLocal{F2C67B72-6464-4473-B8D7-021837438F1C}
2012-08-13 15:02:52 -------- d-----w- C:UsersPapaAppDataLocal{02E678B2-E580-4E9A-8472-E5ACC8A0EACD}
2012-08-13 03:02:27 -------- d-----w- C:UsersPapaAppDataLocal{DFDF81B8-02D3-4988-A206-32BBED371D4B}
2012-08-13 03:02:15 -------- d-----w- C:UsersPapaAppDataLocal{8986DB83-8088-47CA-A38A-98BA2367CE2E}
2012-08-12 15:01:50 -------- d-----w- C:UsersPapaAppDataLocal{4918AB2D-70BE-4270-A8F5-9299BEBD5A39}
2012-08-12 15:01:34 -------- d-----w- C:UsersPapaAppDataLocal{5ACFE5CF-E924-454B-AF23-56DED30F3558}
2012-08-12 03:01:09 -------- d-----w- C:UsersPapaAppDataLocal{E91383BA-1422-4412-A10C-76DCD83F4AFE}
2012-08-12 03:00:56 -------- d-----w- C:UsersPapaAppDataLocal{97406117-3F82-4575-8B93-F8D09EE89727}
.
==================== Find3M ====================
.
2012-09-01 01:53:10 281152 ----a-w- C:WindowsSysWow64PnkBstrB.xtr
2012-09-01 01:53:10 281152 ----a-w- C:WindowsSysWow64PnkBstrB.exe
2012-08-31 04:25:27 281152 ----a-w- C:WindowsSysWow64PnkBstrB.ex0
2012-08-26 22:18:02 73416 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl
2012-08-26 22:18:02 696520 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe
2012-07-28 04:09:20 5538984 ----a-w- C:WindowsSysWow64atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:WindowsSystem32driversatikmdag.sys
2012-07-28 03:43:12 70144 ----a-w- C:WindowsSystem32coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:WindowsSystem32atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:WindowsSysWow64atioglxx.dll
2012-07-28 02:47:40 187392 ----a-w- C:WindowsSystem32clinfo.exe
2012-07-28 02:47:24 75776 ----a-w- C:WindowsSystem32OpenVideo64.dll
2012-07-28 02:47:16 65024 ----a-w- C:WindowsSysWow64OpenVideo.dll
2012-07-28 02:47:10 63488 ----a-w- C:WindowsSystem32OVDecode64.dll
2012-07-28 02:47:06 56320 ----a-w- C:WindowsSysWow64OVDecode.dll
2012-07-28 02:46:56 16464896 ----a-w- C:WindowsSystem32amdocl64.dll
2012-07-28 02:46:06 13013504 ----a-w- C:WindowsSysWow64amdocl.dll
2012-07-28 02:15:50 163840 ----a-w- C:WindowsSystem32atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- C:WindowsSysWow64aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:WindowsSystem32aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:WindowsSystem32ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- C:WindowsSystem32atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:WindowsSystem32atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- C:WindowsSystem32atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:WindowsSystem32atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:WindowsSystem32atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:WindowsSysWow64ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- C:WindowsSysWow64atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- C:WindowsSystem32atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:WindowsSystem32atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- C:WindowsSystem32aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:WindowsSysWow64aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:WindowsSystem32aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:WindowsSysWow64aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:WindowsSystem32aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:WindowsSysWow64atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:WindowsSysWow64aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- C:WindowsSystem32atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- C:WindowsSystem32atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- C:WindowsSysWow64atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:WindowsSystem32atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:WindowsSysWow64atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:WindowsSystem32atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:WindowsSystem32atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:WindowsSysWow64atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:WindowsSystem32driversatikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- C:WindowsSystem32atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:WindowsSysWow64atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:WindowsSystem32atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- C:WindowsSysWow64atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- C:WindowsSystem32driversati2erec.dll
2012-07-28 01:08:42 56320 ----a-w- C:WindowsSystem32atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:WindowsSystem32amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:WindowsSysWow64atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:WindowsSysWow64amdpcom32.dll
2012-07-26 07:21:28 291680 ----a-w- C:WindowsSystem32driversavgldx64.sys
2012-06-29 03:56:34 2312704 ----a-w- C:WindowsSystem32jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:WindowsSystem32wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:WindowsSystem32inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:WindowsSystem32ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:WindowsSystem32mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:WindowsSysWow64jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:WindowsSysWow64wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:WindowsSysWow64inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:WindowsSysWow64ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb
2012-06-28 02:49:48 76888 ----a-w- C:WindowsSysWow64PnkBstrA.exe
2012-06-27 09:36:17 682280 ----a-w- C:WindowsSysWow64pbsvc.exe
.
============= FINISH: 22:48:37,42 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Édition Intégrale
Boot Device: DeviceHarddiskVolume1
Install Date: 2011-06-25 14:35:01
System Uptime: 2012-09-10 21:24:30 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N
Processor: AMD Athlon 64 X2 Dual Core Processor 3800+ | CPU 1 | 2009/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 40,113 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
F: is FIXED (NTFS) - 289 GiB total, 185,295 GiB free.
G: is FIXED (NTFS) - 10 GiB total, 9,454 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP146: 2012-09-04 23:11:58 - Point de contrôle planifié
RP147: 2012-09-10 13:49:34 - Opération de restauration
RP148: 2012-09-10 21:20:42 - Windows Update
.
==== Installed Programs ======================
.
AC3Filter 1.63b
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
µTorrent
Battlefield 2: Deluxe Edition
Battlefield: Bad Company™ 2
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: World at War
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Company of Heroes
Crossrider Web Apps
D3DX10
DivX Web Player
DVD Shrink 3.2
eReg
Facebook Video Calling 1.2.0.159
Fix-It
Fix-It Utilities 11 Essentials
InFlac 1.1.1
Java Auto Updater
Java 7 Update 5
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.61.0.1400
Medal of Honor Allied Assault
Medal of Honor Allied Assault Breakthrough
Microsoft Corporation
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
NVIDIA ForceWare Network Access Manager
OpenOffice.org 3.3
PC Speed Maximizer v2.1
PokerStars
PunkBuster Services
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
Skype™ 5.10
Steam
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Veetle TV 0.9.18
Veoh Web Player
Visual Studio 2008 x64 Redistributables
Winamp
Winamp Detector Plug-in
Windows Live
Windows Live Communications Platform
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.11 (32-bit)
Xfire (remove only)
.
==== End Of File ===========================
-
i got a virus
downloading with utorrent
anyway
since my AVG was unable to erase it
i restored it twice but AVG kept getting it
before i decided to run CCleaner, malwarebytes and fix-it essentialsr
restored a 3rd time and AVG finally got it
but the damage is done
when i start my pc
i get this little window that says:( though in french)
run.dll
problem at boot of
C:UsersPapaAppDataRoamingrlneug.dll
specified module can't be found
in AVG log i have those :
"";"C:UsersPapaAppDataRoamingspldic.dll";"Virus identifié Win32/Cryptor";"Déplacé en Quarantaine"
and :
"";"HKUS-1-5-21-2944442811-1643744279-865445854-1000SoftwareMicrosoftWindowsCurrentVersionRunspldic";"Clé de registre identifiée avec référence au fichier infecté C:UsersPapaAppDataRoamingspldic.dll";"Déplacé en Quarantaine"
so i download hijackthis and runned it but i get a small window from hijackthis before i get the final log
that says:
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijackthis may Not be able to fix this.
If this happens, you need to edit the file yourself. To do this run notepad C:/window system32/drivers etc hosts
press enter , i dont have a run button looking for it ??? i know !!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:50:26, on 2012-09-10
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:WindowsvVX3000.exe
C:Program Files (x86)AVGAVG2012avgtray.exe
C:Program Files (x86)Winampwinampa.exe
C:Program Files (x86)Common FilesJavaJava Updatejusched.exe
C:Program Files (x86)Windows LiveMessengermsnmsgr.exe
C:Program Files (x86)Windows LiveContactswlcomm.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe
C:Program Files (x86)Internet Exploreriexplore.exe
C:UsersPapaDownloadsHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ca/ig
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:Program Files (x86)AVGAVG2012avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:Program Files (x86)CrossriderWebAppsCrossrider.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll
O4 - HKLM..Run: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"
O4 - HKLM..Run: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe"
O4 - HKLM..Run: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe"
O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"
O4 - HKLM..Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"
O4 - HKCU..Run: [Facebook Update] "C:UsersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" /c /nocrashserver
O4 - HKCU..Run: [rlneug] "C:WindowsSystem32rundll32.exe" "C:UsersPapaAppDataRoamingrlneug.dll",set_sPLT
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:Program Files (x86)AVGAVG2012avgdtiex.dll
O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll
O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%system32aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:Windowssystem32atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Unknown owner - C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe
O23 - Service: @%systemroot%system32appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32appinfo.dll,-100 (Appinfo) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: AvanquestWindowsMonitorService - Unknown owner - C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012avgwdsvc.exe
O23 - Service: @%SystemRoot%system32AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32bdesvc.dll,-100 (BDESVC) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32qmgr.dll,-1000 (BITS) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32browser.dll,-100 (Browser) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32bthserv.dll,-101 (bthserv) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32certprop.dll,-11 (CertPropSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32cscsvc.dll,-200 (CscService) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32defragsvc.dll,-101 (defragsvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32dnsapi.dll,-101 (Dnscache) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32dps.dll,-500 (DPS) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32eapsvc.dll,-1 (EapHost) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%ehomeehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:WindowsehomeehRecvr.exe
O23 - Service: @%SystemRoot%ehomeehsched.exe,-101 (ehSched) - Unknown owner - C:Windowsehomeehsched.exe
O23 - Service: @%SystemRoot%system32wevtsvc.dll,-200 (eventlog) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)
O23 - Service: @%systemroot%system32fdPHost.dll,-100 (fdPHost) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32fdrespub.dll,-100 (FDResPub) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: Fix-It Essentials Task Manager - Avanquest Software - C:PROGRA~2AVANQU~1Fix-ItMxTask.exe
O23 - Service: @%systemroot%system32FntCache.dll,-100 (FontCache) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32hidserv.dll,-101 (hidserv) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32ikeext.dll,-501 (IKEEXT) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32lltdres.dll,-1 (lltdsvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:Program Filesma-config.comx64maconfservice.exe
O23 - Service: @%systemroot%system32mmcss.dll,-100 (MMCSS) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%system32iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32msimsg.dll,-27 (msiserver) - Unknown owner - C:Windowssystem32msiexec.exe
O23 - Service: @%SystemRoot%system32qagentrt.dll,-6 (napagent) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32netman.dll,-109 (Netman) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32netprofm.dll,-202 (netprofm) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32nsisvc.dll,-200 (nsi) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe
O23 - Service: @%SystemRoot%system32pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%sysWow64perfhost.exe,-2 (PerfHost) - Unknown owner - C:WindowsSysWow64perfhost.exe
O23 - Service: @%systemroot%system32pla.dll,-500 (pla) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:Windowssystem32PnkBstrA.exe
O23 - Service: @%SystemRoot%system32pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32umpo.dll,-100 (Power) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32profsvc.dll,-300 (ProfSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32qwave.dll,-1 (QWAVE) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%Systemroot%system32rasauto.dll,-200 (RasAuto) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%Systemroot%system32rasmans.dll,-200 (RasMan) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%windir%system32RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%System32SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32schedsvc.dll,-100 (Schedule) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32seclogon.dll,-7001 (seclogon) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32Sens.dll,-200 (SENS) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program Files (x86)SkypeUpdaterUpdater.exe
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%system32sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe
O23 - Service: @%SystemRoot%system32wiaservc.dll,-9 (stisvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32swprv.dll,-103 (swprv) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32tbssvc.dll,-100 (TBS) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32termsrv.dll,-268 (TermService) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32themeservice.dll,-8192 (Themes) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32mmcss.dll,-102 (THREADORDER) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32trkwks.dll,-1 (TrkWks) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%servicingTrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:WindowsservicingTrustedInstaller.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32upnphost.dll,-213 (upnphost) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%SystemRoot%system32w32time.dll,-200 (W32Time) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)
O23 - Service: @%systemroot%system32wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%systemroot%system32webclnt.dll,-100 (WebClient) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%System32wersvc.dll,-100 (WerSvc) - Unknown owner - C:WindowsSystem32svchost.exe
O23 - Service: @%SystemRoot%system32winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%Systemroot%system32wbemwmisvc.dll,-205 (Winmgmt) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%system32wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:Windowssystem32SearchIndexer.exe
O23 - Service: @%systemroot%system32wuaueng.dll,-105 (wuauserv) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%system32wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:Windowssystem32svchost.exe
O23 - Service: @%SystemRoot%System32wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:Windowssystem32svchost.exe
--
End of file - 21467 bytes
the virus was identified as Win32/Cryptor
im ready to follow all instructions as well as to dowload and install anyting necessary to repare my registry
anyone who has time to help plz ?
thanks in advance
see my profile to learn about my pc
and let me know if you need more info
f
-
hey ourwilly
,
i did what you asked with the system restore and it didnt worked
but it stocked at the same place as before so i taught maybe that if i erase the program where it stopped all the time that maybe it would work and it did
so my norton icon shows that it went trough a whole scan yeah!!! i even made my last attempt in regular mode(not safe mode)
so what do you think i mean what are the results from all the scans we did?
what are the reports telling you? i know its me who should tell you if my pc is running well and it does (i think)
rofl
don't you want a final scan of something or is every thing alright ?
i want to tell you how much i appreciated the zeal you put in this and how much effective your work is,
thank you very much
forallbueaty
-
allo
me again i upgraded norton and tried a full scan it went to 200 000 files and stopped instead of the 45 000 where it used to. when it does this i cant stop the scan can't find it either on the windows task manager i have to shut down the pc using the power button and a windows open saying ccap something is now shutting down.....what do you think ?
forallbueaty
-
Hi
here it is the new report with the temp files erase strangely there is 2 cookies left ??
i wanted to asked you about the resident shield should i activate it???? will it slow down my pc since i still have norton on and prevX was slowing down my game all the time will it be the same with this????
and those in quarantine what's with them???
forallbueaty
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:16:10 PM 5/20/2007
+ Scan result:
C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
::Report end
-
salut ourwilly,
yesterday was
and this morning(afternoon)
lol anyway
i'm sending you the report from AVG do you recommand that i buy it and throw out my Norton anti-virus like every one is telling me (i have the internet security pack), remember that i tried also Panda do you recommend this one instead i know it may not be your place to say but i'm asking anyway money is no object what do you think i will after i send you this: upgrade with liveupdate then try again a full scan like i told you it wasn't working i have hopes(and i have hops) lol, after all that you have done that he may work again croos my fingers and i still have the PrevX progr somewhere that i used previous to your recommandations that wasn'T bad also
i tk AVG is not bad...
and i have a few questions also
1-did you find anything suspicious(duh?)what?
2- what about that winnet.dll thing was it alright?
0oh and also i didnt clean my temp file s before the scan with AVg so i will do it again and post another report it took an hour to do i'm doing it right now....
forallbueaty
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:52:07 PM 5/20/2007
+ Scan result:
HKU\S-1-5-21-1202660629-484061587-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1202660629-484061587-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Francois\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
-
Quote
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
quote
salut ourwilly
Smitfraud fix never asked me that line
i may have taken too much of that hops but it seems to be faster already
thats the rapport(burp)
SmitFraudFix v2.183
Scan done at 14:28:00.29, Sat 05/19/2007
Run from C:\Documents and Settings\Francois\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
and here's the hjt
Logfile of HijackThis v1.99.1
Scan saved at 2:43:02 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
here in Québec this monday will be la fête de Dollard whom was a patriot so lots of beer in sight rofl
hops on me
forallbueaty
-
Quote
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
quote
salut ourwilly
Smitfraud fix never asked me that line
i may have taken too much of that hops but it seems to be faster already
thats the rapport(burp)
SmitFraudFix v2.183
Scan done at 14:28:00.29, Sat 05/19/2007
Run from C:\Documents and Settings\Francois\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
and here's the hjt
Logfile of HijackThis v1.99.1
Scan saved at 2:43:02 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
here in Québec this monday will be la fête de Dollard whom was a patriot so lots of beer in sight rofl
hops on me
forallbueaty
-
hello our willy
it's the week end
we dont work
here's my last smitfraud fix
SmitFraudFix v2.183
Scan done at 15:50:44.82, Fri 05/18/2007
Run from C:\Documents and Settings\Francois\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Francois
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Francois\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Francois\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Video ActiveX Object\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7463D958-4F88-4C3C-8C7D-68E814A7C672}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
-
hi ourwilly
here's the latest hjt log
Logfile of HijackThis v1.99.1
Scan saved at 12:45:33 PM, on 5/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meteomedia.com/Meteo/Villes/can...es/CAQC0768.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
-
wow active scan seems to be very thorough but as i expected it jammed about at the same place as did my Noton anti-virus did that is at 47000 files checked approx. the third of all my pc files and it found 3 viruses and 4 others here's the report i'm trying the scan again but doesnt put to much hope in it to go further you already have the smithfraud fix report i'm adding thepanda report anda new hjt log ok?
forallbueaty
Incident Status Location
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Francois\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Francois\Desktop\ALLdownloads1st\déjàvu\SmitfraudFix.zip[smitfraudFix/Process.exe]
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Francois\Desktop\ALLdownloads1st\déjàvu\SmitfraudFix.zip[smitfraudFix/restart.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Francois\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Francois\Desktop\SmitfraudFix\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Francois\Desktop\SmitfraudFix.zip[smitfraudFix/Process.exe]
Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\Francois\Desktop\SmitfraudFix.zip[smitfraudFix/restart.exe]
Dell inspiron 1525 windows 7 won't install antivirus
in User to User Help
Posted · Report reply
this time i'm running Windows Defender full scan
elapse time 25:50