forallbueaty

User to User Help · December 14, 2018

this time i'm running Windows Defender full scan

elapse time 25:50

User to User Help · December 14, 2018

hi,

This is my son's tablet

disk C says that the 136 GB are at fullest

i can't see no program installed

erased some cache

using windows defender

clean disk doesn't do much

tried to install AVG antivirus

but get a error message saying something like

download has stop

old saves are unfound

pc is in french plz be patient

at the moment im trying to copy paste

key root????

internet is working fine

thanks to all in advance

what files do you guys\gals need ?

how do i make room on disk

and how much is 136 GB not 136 Go?

Système d’exploitation   Microsoft Windows 7 Édition Intégrale
Version   6.1.7601 Service Pack 1 Build 7601
Informations supplémentaires    Non disponible
Éditeur   Microsoft Corporation
Ordinateur   IBADET-PC
Fabricant   Dell Inc.
Modèle   Inspiron 1525
Type   PC à base de x64
Processeur   Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz, 1867 MHz, 2 cœur(s), 2 processeur(s) logique(s)
Version du BIOS/Date   Dell Inc. A13, 6/27/2008
Version SMBIOS   2.4
Répertoire Windows   C:\Windows
Répertoire système   C:\Windows\system32
Périphérique de démarrage   \Device\HarddiskVolume3
Option régionale   United States
Couche d’abstraction matérielle   Version = "6.1.7601.17514"
Utilisateur   ibadet-PC\ibadet
Fuseaux horaires   Est
Mémoire physique (RAM) installée   4.00 Go
Mémoire physique totale   3.99 Go
Mémoire physique disponible   2.46 Go
Mémoire virtuelle totale   7.98 Go
Mémoire virtuelle disponible   6.39 Go
Espace pour le fichier d’échange   3.99 Go
Fichier d’échange   D:\pagefile.sys

fab

p-s: disk E: has 5 Go available

User to User Help · December 20, 2014

thanks to all

sometimes you have to read it to remember what you already know

i really appreciate you guys taking time to answer this

i think the print screen i used in the past was in my gaming program(mohaa)

and then in the default folder of that program

but again i really appreciate to read all the answers you gave me

and links

merci beaucoup

User to User Help · December 19, 2014

allo every one

im using a laptop lenovo L 512

win 7 professionnel

on my keyboard there is a Fonction key and multi keys with the matching colour so to use that fonction key

my Fkeys stop at F12

on the insert key there is a Im Éc printed i think it means print screen

so? simple question do you know where the print screen usually stores the printed screens i did???

also im using firefox is there any other way to print my screen whenever i want

thank you

September 18, 2012

hey tomk

thank you

i think every thing is in order now

i checked and yes the last restore point was made by combofix in the restore of config panel

is there a way to save this restore point say for a long period of time?

f

September 17, 2012

hey tomk dont go i was looking forward to these little chat

il be frank with you to this date im not totally sure you are a ligit part of Pcpitstop

( prbl. because i dt know what WTT teacher is nor what are the Trusted Malware Techs are?

i'm guessing groups under this forum),

but the download this and dowload that kept me scared, lol

i finally succeed in finding how to get the run button in my start menu

the guy that install my pc did it in french against my will

so by default windows sets everything in french,

moving from french to english and back to french is sometimes diff.

i understand every instructions you gave in your last post

but im wondering why you uninstall all the program you installed couldnt i keep them

i probably downloaded them in my downloads file anyway

and what about those i mentionned in my earlier posts

(CCleaner, malwarebytes, etc)

will it ask me to erase them as well ?

thank you for all you done to the pc

i ll make sure to read the info you gave

i have one question

i saw combofix did a restore point and i see youre saying it will use it

im wondering is the restore point i used and talked about in my beginning post be still good?

thank you very much

fv

September 16, 2012

here you go

thanks for everything again tomk

was pretty sure i send you this yesterday

seems not

have a good day

f

Farbar Service Scanner Version: 06-08-2012

Ran by Papa (administrator) on 16-09-2012 at 12:45:15

Running from "C:UsersPapaDownloads"

Microsoft Windows 7 Édition Intégrale Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:WindowsSystem32nsisvc.dll => MD5 is legit

C:WindowsSystem32driversnsiproxy.sys => MD5 is legit

C:WindowsSystem32driversafd.sys => MD5 is legit

C:WindowsSystem32driverstdx.sys => MD5 is legit

C:WindowsSystem32Driverstcpip.sys

[2012-09-11 19:07] - [2012-08-22 14:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC

C:WindowsSystem32dnsrslvr.dll => MD5 is legit

C:WindowsSystem32mpssvc.dll => MD5 is legit

C:WindowsSystem32bfe.dll => MD5 is legit

C:WindowsSystem32driversmpsdrv.sys => MD5 is legit

C:WindowsSystem32SDRSVC.dll => MD5 is legit

C:WindowsSystem32vssvc.exe => MD5 is legit

C:WindowsSystem32wscsvc.dll => MD5 is legit

C:WindowsSystem32wbemWMIsvc.dll => MD5 is legit

C:WindowsSystem32wuaueng.dll => MD5 is legit

C:WindowsSystem32qmgr.dll => MD5 is legit

C:WindowsSystem32es.dll => MD5 is legit

C:WindowsSystem32cryptsvc.dll => MD5 is legit

C:Program FilesWindows DefenderMpSvc.dll => MD5 is legit

C:WindowsSystem32ipnathlp.dll => MD5 is legit

C:WindowsSystem32svchost.exe => MD5 is legit

C:WindowsSystem32rpcss.dll => MD5 is legit

**** End of log ****

September 15, 2012

hey tomk

how strange i just received the Windows renewing of contract e-mail for the services ?)

i started the FSS

i dont have a "Include All Files" option

i have 8 ckboxes

2 first are already checked

RpcSs and Plugplay

Internet Services

Windows Firewall

Systèm Restore

Security Center/Action Center

Windows Update

Windows Defender

Other Services

and there is a board to Search:

then 3 buttons

Scan, Search Files, Export Service

September 14, 2012

system failure trying to restore system successfully restored wow this one had me running for a sec.

when i tried to reopen iexplorer i had a message that my dll wasnt good did iwant to erase that

i said no and restart the pc

so here i am ...

and this is the combomix log:

ComboFix 12-09-14.03 - Papa 2012-09-14 18:32:33.2.2 - x64

Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3977 [GMT -4:00]

Lancé depuis: c:usersPapaDesktopComboFix.exe

Commutateurs utilisés :: c:usersPapaDesktopCFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Un nouveau point de restauration a été créé

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

Une copie infectée de c:windowssystem32Services.exe a été trouvée et désinfectée

Copie restaurée à partir de - c:windowserdntcache64services.exe

.

((((((((((((((((((((((((((((( Fichiers créés du 2012-08-14 au 2012-09-14 ))))))))))))))))))))))))))))))))))))

.

2012-09-14 22:39 . 2012-09-14 22:39 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-09-13 02:04 . 2012-09-13 02:04 -------- d-----w- c:program files (x86)ESET

2012-09-11 23:07 . 2012-08-22 18:12 1913200 ----a-w- c:windowssystem32driverstcpip.sys

2012-09-11 23:06 . 2012-08-22 18:12 376688 ----a-w- c:windowssystem32driversnetio.sys

2012-09-11 23:06 . 2012-08-22 18:12 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS

2012-09-11 22:59 . 2012-08-22 18:12 950128 ----a-w- c:windowssystem32driversndis.sys

2012-09-11 22:59 . 2012-07-04 20:26 41472 ----a-w- c:windowssystem32driversRNDISMP.sys

2012-09-11 22:57 . 2012-08-02 17:58 574464 ----a-w- c:windowssystem32d3d10level9.dll

2012-09-11 22:57 . 2012-08-02 16:57 490496 ----a-w- c:windowsSysWow64d3d10level9.dll

2012-09-07 16:19 . 2012-09-10 17:53 -------- d-----w- c:usersPapaAppDataRoamingDeepBurner

2012-09-04 01:17 . 2012-09-04 01:17 -------- d-----w- c:usersPapaMes fichiers reçus

2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:windowssystem32driversavgtdia.sys

2012-08-18 15:56 . 2012-08-18 15:57 -------- d-----w- c:program filesprogrutilisés

2012-08-18 15:42 . 2012-08-18 15:42 -------- d-----w- c:program files (x86)AMD APP

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-12 01:28 . 2011-06-27 04:07 64462936 ----a-w- c:windowssystem32MRT.exe

2012-09-01 01:53 . 2011-07-02 23:23 281152 ----a-w- c:windowsSysWow64PnkBstrB.xtr

2012-09-01 01:53 . 2011-06-26 23:56 281152 ----a-w- c:windowsSysWow64PnkBstrB.exe

2012-08-31 04:25 . 2011-06-26 23:56 281152 ----a-w- c:windowsSysWow64PnkBstrB.ex0

2012-08-26 22:18 . 2012-04-03 11:56 696520 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-08-26 22:18 . 2011-06-26 14:59 73416 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:windowsSysWow64atiumdag.dll

2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:windowssystem32driversatikmdag.sys

2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:windowssystem32coinst_8.982.dll

2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:windowssystem32atio6axx.dll

2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:windowsSysWow64atioglxx.dll

2012-07-28 02:47 . 2012-07-28 02:47 187392 ----a-w- c:windowssystem32clinfo.exe

2012-07-28 02:47 . 2012-07-28 02:47 75776 ----a-w- c:windowssystem32OpenVideo64.dll

2012-07-28 02:47 . 2012-07-28 02:47 65024 ----a-w- c:windowsSysWow64OpenVideo.dll

2012-07-28 02:47 . 2012-07-28 02:47 63488 ----a-w- c:windowssystem32OVDecode64.dll

2012-07-28 02:47 . 2012-07-28 02:47 56320 ----a-w- c:windowsSysWow64OVDecode.dll

2012-07-28 02:46 . 2012-07-28 02:46 16464896 ----a-w- c:windowssystem32amdocl64.dll

2012-07-28 02:46 . 2012-07-28 02:46 13013504 ----a-w- c:windowsSysWow64amdocl.dll

2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:windowssystem32atiapfxx.exe

2012-07-28 02:15 . 2012-04-06 02:21 931328 ----a-w- c:windowsSysWow64aticfx32.dll

2012-07-28 02:13 . 2012-07-28 02:13 1100288 ----a-w- c:windowssystem32aticfx64.dll

2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:windowssystem32ATIDEMGX.dll

2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:windowssystem32atieclxx.exe

2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:windowssystem32atiesrxx.exe

2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:windowssystem32atitmm64.dll

2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:windowssystem32atimuixx.dll

2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:windowssystem32atiedu64.dll

2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:windowsSysWow64ati2edxx.dll

2012-07-28 02:07 . 2012-04-06 02:13 6430208 ----a-w- c:windowsSysWow64atidxx32.dll

2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:windowssystem32atidxx64.dll

2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:windowssystem32atiumd6a.dll

2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:windowssystem32aticalrt64.dll

2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:windowsSysWow64aticalrt.dll

2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:windowssystem32aticalcl64.dll

2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:windowsSysWow64aticalcl.dll

2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:windowssystem32aticaldd64.dll

2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:windowsSysWow64atiumdva.dll

2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:windowsSysWow64aticaldd.dll

2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:windowssystem32atiumd64.dll

2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:windowssystem32atiadlxx.dll

2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:windowsSysWow64atiadlxy.dll

2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:windowssystem32atig6pxx.dll

2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:windowsSysWow64atiglpxx.dll

2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:windowssystem32atiglpxx.dll

2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:windowssystem32atig6txx.dll

2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:windowsSysWow64atigktxx.dll

2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:windowssystem32driversatikmpag.sys

2012-07-28 01:13 . 2012-07-28 01:13 129536 ----a-w- c:windowssystem32atiuxp64.dll

2012-07-28 01:13 . 2012-04-06 01:09 109568 ----a-w- c:windowsSysWow64atiuxpag.dll

2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:windowssystem32atiu9p64.dll

2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:windowsSysWow64atiu9pag.dll

2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:windowssystem32driversati2erec.dll

2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:windowssystem32atimpc64.dll

2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:windowssystem32amdpcom64.dll

2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:windowsSysWow64atimpc32.dll

2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:windowsSysWow64amdpcom32.dll

2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:windowssystem32driversavgldx64.sys

2012-07-18 18:15 . 2012-08-15 00:26 3148800 ----a-w- c:windowssystem32win32k.sys

2012-07-04 22:16 . 2012-08-15 00:26 73216 ----a-w- c:windowssystem32netapi32.dll

2012-07-04 22:13 . 2012-08-15 00:26 59392 ----a-w- c:windowssystem32browcli.dll

2012-07-04 22:13 . 2012-08-15 00:26 136704 ----a-w- c:windowssystem32browser.dll

2012-07-04 21:14 . 2012-08-15 00:26 41984 ----a-w- c:windowsSysWow64browcli.dll

2012-06-29 04:55 . 2012-08-15 14:59 17809920 ----a-w- c:windowssystem32mshtml.dll

2012-06-29 04:09 . 2012-08-15 14:59 10925568 ----a-w- c:windowssystem32ieframe.dll

2012-06-29 03:56 . 2012-08-15 14:59 2312704 ----a-w- c:windowssystem32jscript9.dll

2012-06-29 03:49 . 2012-08-15 14:59 1346048 ----a-w- c:windowssystem32urlmon.dll

2012-06-29 03:49 . 2012-08-15 14:59 1392128 ----a-w- c:windowssystem32wininet.dll

2012-06-29 03:48 . 2012-08-15 14:59 1494528 ----a-w- c:windowssystem32inetcpl.cpl

2012-06-29 03:47 . 2012-08-15 14:59 237056 ----a-w- c:windowssystem32url.dll

2012-06-29 03:45 . 2012-08-15 14:59 85504 ----a-w- c:windowssystem32jsproxy.dll

2012-06-29 03:44 . 2012-08-15 14:59 816640 ----a-w- c:windowssystem32jscript.dll

2012-06-29 03:43 . 2012-08-15 14:59 173056 ----a-w- c:windowssystem32ieUnatt.exe

2012-06-29 03:42 . 2012-08-15 14:59 2144768 ----a-w- c:windowssystem32iertutil.dll

2012-06-29 03:40 . 2012-08-15 14:59 96768 ----a-w- c:windowssystem32mshtmled.dll

2012-06-29 03:39 . 2012-08-15 14:59 2382848 ----a-w- c:windowssystem32mshtml.tlb

2012-06-29 03:35 . 2012-08-15 14:59 248320 ----a-w- c:windowssystem32ieui.dll

2012-06-29 00:16 . 2012-08-15 14:59 1800704 ----a-w- c:windowsSysWow64jscript9.dll

2012-06-29 00:09 . 2012-08-15 14:59 1129472 ----a-w- c:windowsSysWow64wininet.dll

2012-06-29 00:08 . 2012-08-15 14:59 1427968 ----a-w- c:windowsSysWow64inetcpl.cpl

2012-06-29 00:04 . 2012-08-15 14:59 142848 ----a-w- c:windowsSysWow64ieUnatt.exe

2012-06-29 00:00 . 2012-08-15 14:59 2382848 ----a-w- c:windowsSysWow64mshtml.tlb

2012-06-28 02:49 . 2011-06-26 23:56 76888 ----a-w- c:windowsSysWow64PnkBstrA.exe

2012-06-27 09:36 . 2012-06-27 09:36 682280 ----a-w- c:windowsSysWow64pbsvc.exe

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:windowswinsxsamd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973user32.dll

[-] 2011-07-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:windowssystem32user32.dll

.

[-] 2011-07-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:windowsSysWOW64user32.dll

[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:windowswinsxswow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6euser32.dll

.

((((((((((((((((((((((((((((( [email protected]_02.33.53 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-09-11 01:25 32768 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2009-07-14 04:54 . 2012-09-13 22:52 32768 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2009-07-14 04:54 . 2012-09-13 22:52 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2009-07-14 04:54 . 2012-09-11 01:25 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2009-07-14 04:54 . 2012-09-11 01:25 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2009-07-14 04:54 . 2012-09-13 22:52 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-06-25 18:56 . 2012-09-14 22:44 51244 c:windowssystem32wdiShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-09-14 22:44 40986 c:windowssystem32wdiBootPerformanceDiagnostics_SystemData.bin

+ 2011-06-25 18:43 . 2012-09-14 22:44 18422 c:windowssystem32wdi{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-2944442811-1643744279-865445854-1000_UserData.bin

- 2011-06-25 18:33 . 2012-09-11 23:37 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2011-06-25 18:33 . 2012-09-14 22:21 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2011-06-25 18:33 . 2012-09-14 22:21 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2011-06-25 18:33 . 2012-09-11 23:37 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2009-07-14 04:54 . 2012-09-11 23:37 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2009-07-14 04:54 . 2012-09-14 22:21 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2012-09-14 22:42 . 2012-09-14 22:42 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

- 2012-09-12 02:32 . 2012-09-12 02:32 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

+ 2012-09-14 22:42 . 2012-09-14 22:42 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

- 2012-09-12 02:32 . 2012-09-12 02:32 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

+ 2009-07-14 05:01 . 2012-09-14 22:39 277220 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

- 2009-07-14 05:01 . 2012-09-12 02:29 277220 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

+ 2011-06-25 19:06 . 2012-09-14 22:39 1027896 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache3.0.0.0.dat

- 2011-06-25 19:06 . 2012-09-12 02:29 1027896 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache3.0.0.0.dat

+ 2011-06-26 09:47 . 2012-09-14 22:39 11370316 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-2944442811-1643744279-865445854-1000-8192.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Facebook Update"="c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" [2012-07-11 138096]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2012-07-31 2596984]

"LifeCam"="c:program files (x86)Microsoft LifeCamLifeExp.exe" [2010-05-20 119152]

"WinampAgent"="c:program files (x86)Winampwinampa.exe" [2011-06-30 74752]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-11 919008]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2011-09-27 59240]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-01-17 252296]

"StartCCC"="c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2012-06-11 641704]

"Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-07-31 38872]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe [2012-07-03 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-26 250568]

R3 driverhardwarev2x64;driverhardwarev2x64;c:program filesma-config.comDriversdriverhardwarev2x64.sys [2011-07-21 16640]

R3 maconfservice;Ma-Config Service;c:program filesma-config.comx64maconfservice.exe [2011-11-25 427640]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x]

R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x]

R3 WatAdminSvc;Service Windows Activation Technologies;c:windowssystem32WatWatAdminSvc.exe [2011-07-27 1255736]

S0 AVGIDSHA;AVGIDSHA;c:windowssystem32DRIVERSavgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [2012-07-26 291680]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [2012-08-24 384352]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2012-07-28 239616]

S2 AMD FUEL Service;AMD FUEL Service;c:program filesATI TechnologiesATI.ACEFuelFuel.Service.exe [2012-06-11 361984]

S2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;c:program files (x86)AvanquestFix-ItAVQWinMonEngine.exe [2010-11-16 328704]

S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2012-08-13 5167736]

S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2012-02-14 193288]

S2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;c:progra~2AVANQU~1Fix-ItMxTask.exe [2010-11-16 882816]

S3 amdiox64;AMD IO Driver;c:windowssystem32DRIVERSamdiox64.sys [2010-02-18 46136]

S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2012-07-28 10278912]

S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2012-07-28 368640]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW76.sys [2012-05-14 96896]

S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSavgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSavgidsfiltera.sys [2011-12-23 29776]

.

Contenu du dossier 'Tâches planifiées'

.

2012-09-14 c:windowsTasksAdobe Flash Player Updater.job

- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-03 22:18]

.

2012-09-14 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000Core.job

- c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe [2012-02-15 22:11]

.

2012-09-14 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000UA.job

- c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe [2012-02-15 22:11]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"VX3000"="c:windowsvVX3000.exe" [2010-05-20 762736]

.

------- Examen supplémentaire -------

.

uLocal Page = c:windowssystem32blank.htm

uStart Page = hxxp://www.google.ca/ig

mLocal Page = c:windowsSysWOW64blank.htm

TCP: DhcpNameServer = 192.168.2.1

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Autres processus actifs ------------------------

.

c:progra~2AVANQU~1Fix-Itmxtask2.exe

c:windowsSysWOW64PnkBstrA.exe

.

**************************************************************************

.

Heure de fin: 2012-09-14 18:48:44 - La machine a redémarré

ComboFix-quarantined-files.txt 2012-09-14 22:48

ComboFix2.txt 2012-09-12 02:55

.

Avant-CF: 41 512 349 696 octets libres

Après-CF: 41 286 852 608 octets libres

.

- - End Of File - - 4A798B35D11C6D5CE6012796FB4B3672

September 14, 2012

hey Tomk how are you

i dowloaded combofix again directly to the desktop

its the 1st time that i do that

do you have many application on your pc installed on the desktop?? lol

got a window though saying

smartscreen has detect combofix and think it could harm your pc:

i understand combofix cant run when my AVG is running

but its scary

is smartscreen a part of AVG, what do you think ?

f

September 13, 2012

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

was wondering didnt had my combofix on my desktop so i found combofix somewhere and dragged a shortcut to my desktop will it work the same ?

probably the same, yes?

September 13, 2012

hey Tomk

how are you today?

i chked Kantaris its a media player

dont know where it comes from

maybe i use it when i look at movies on the net

i try to store my things in F:

so i have more place to run the programs

hope i didnt scrap my F:

heres the ESETSCAN.txt you asked

C:Program Files (x86)AvanquestFix-ItW32Int13.dll a variant of Win32/Kryptik.FNT trojan

C:Program Files (x86)PC Speed MaximizerPCSpeedMaximizer.exe a variant of Win32/SpeedingUpMyPC application

C:UsersPapaDownloadsnouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application

C:UsersPapaDownloadsnouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application

C:UsersPapaVideosAutoCAD LT 2009 x64AutoCAD LT 2009Keygen.exe a variant of Win32/Keygen.BT application

F:alain_driversKantaris_0.7.7_setup.exe Win32/OpenCandy application

F:alain_driverswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application

F:mesvieuyxnouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application

F:mesvieuyxnouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application

F:musiquenouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application

F:musiquenouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application

September 12, 2012

hi tomk,

i wont erase utorrent , i knew the risks,

but i wont start it til' you tell me that my pc is clean

you didnt say if you were to restore my registry

you said malware i have runned malwarebytes without finding

if you find some plz tell it to me so im up to date

are you going to use hijackthis or not after combo? and why?

i appreciated your help thank you

f

here the combofix log

hope everything is at your liking

ComboFix 12-09-11.02 - Papa 2012-09-11 22:18:34.1.2 - x64

Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3996 [GMT -4:00]

Lancé depuis: c:usersPapaDownloadsComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:usersPapaAppDataLocalTempDIR

c:usersPapaAppDataLocalTempDIRGFInstallerAppName.txt

c:usersPapaAppDataLocalTempDIRGFInstallerChannel.txt

c:usersPapaAppDataLocalTempDIRGFInstallerDownloadURL.txt

c:usersPapaAppDataLocalTempDIRGFInstallerGFInstaller.exe

.

((((((((((((((((((((((((((((( Fichiers créés du 2012-08-12 au 2012-09-12 ))))))))))))))))))))))))))))))))))))