forallbueaty Report post Posted September 11, 2012 (edited) i got a virus downloading with utorrent anyway since my AVG was unable to erase it i restored it twice but AVG kept getting it before i decided to run CCleaner, malwarebytes and fix-it essentialsr restored a 3rd time and AVG finally got it but the damage is done when i start my pc i get this little window that says:( though in french) run.dll problem at boot of C:UsersPapaAppDataRoamingrlneug.dll specified module can't be found in AVG log i have those : "";"C:UsersPapaAppDataRoamingspldic.dll";"Virus identifié Win32/Cryptor";"Déplacé en Quarantaine" and : "";"HKUS-1-5-21-2944442811-1643744279-865445854-1000SoftwareMicrosoftWindowsCurrentVersionRunspldic";"Clé de registre identifiée avec référence au fichier infecté C:UsersPapaAppDataRoamingspldic.dll";"Déplacé en Quarantaine" so i download hijackthis and runned it but i get a small window from hijackthis before i get the final log that says: For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijackthis may Not be able to fix this. If this happens, you need to edit the file yourself. To do this run notepad C:/window system32/drivers etc hosts press enter , i dont have a run button looking for it ??? i know !! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:50:26, on 2012-09-10 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal Running processes: C:WindowsvVX3000.exe C:Program Files (x86)AVGAVG2012avgtray.exe C:Program Files (x86)Winampwinampa.exe C:Program Files (x86)Common FilesJavaJava Updatejusched.exe C:Program Files (x86)Windows LiveMessengermsnmsgr.exe C:Program Files (x86)Windows LiveContactswlcomm.exe C:Program Files (x86)Internet Exploreriexplore.exe C:Program Files (x86)Internet Exploreriexplore.exe C:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe C:Program Files (x86)Internet Exploreriexplore.exe C:UsersPapaDownloadsHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ca/ig R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft....k/?LinkId=69157 R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:Program Files (x86)AVGAVG2012avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:Program Files (x86)CrossriderWebAppsCrossrider.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll O4 - HKLM..Run: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe" O4 - HKLM..Run: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe" O4 - HKLM..Run: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe" O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" O4 - HKLM..Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe" O4 - HKLM..Run: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe" O4 - HKCU..Run: [Facebook Update] "C:UsersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" /c /nocrashserver O4 - HKCU..Run: [rlneug] "C:WindowsSystem32rundll32.exe" "C:UsersPapaAppDataRoamingrlneug.dll",set_sPLT O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:Program Files (x86)AVGAVG2012avgdtiex.dll O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%system32aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:Windowssystem32atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Unknown owner - C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe O23 - Service: @%systemroot%system32appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32appinfo.dll,-100 (Appinfo) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: AvanquestWindowsMonitorService - Unknown owner - C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012avgwdsvc.exe O23 - Service: @%SystemRoot%system32AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32bdesvc.dll,-100 (BDESVC) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32qmgr.dll,-1000 (BITS) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32browser.dll,-100 (Browser) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32bthserv.dll,-101 (bthserv) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32certprop.dll,-11 (CertPropSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32cscsvc.dll,-200 (CscService) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32defragsvc.dll,-101 (defragsvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32dnsapi.dll,-101 (Dnscache) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32dps.dll,-500 (DPS) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32eapsvc.dll,-1 (EapHost) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%ehomeehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:WindowsehomeehRecvr.exe O23 - Service: @%SystemRoot%ehomeehsched.exe,-101 (ehSched) - Unknown owner - C:Windowsehomeehsched.exe O23 - Service: @%SystemRoot%system32wevtsvc.dll,-200 (eventlog) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing) O23 - Service: @%systemroot%system32fdPHost.dll,-100 (fdPHost) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32fdrespub.dll,-100 (FDResPub) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: Fix-It Essentials Task Manager - Avanquest Software - C:PROGRA~2AVANQU~1Fix-ItMxTask.exe O23 - Service: @%systemroot%system32FntCache.dll,-100 (FontCache) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32hidserv.dll,-101 (hidserv) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32ikeext.dll,-501 (IKEEXT) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32lltdres.dll,-1 (lltdsvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:Program Filesma-config.comx64maconfservice.exe O23 - Service: @%systemroot%system32mmcss.dll,-100 (MMCSS) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing) O23 - Service: @%SystemRoot%system32iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32msimsg.dll,-27 (msiserver) - Unknown owner - C:Windowssystem32msiexec.exe O23 - Service: @%SystemRoot%system32qagentrt.dll,-6 (napagent) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%system32netman.dll,-109 (Netman) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32netprofm.dll,-202 (netprofm) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32nsisvc.dll,-200 (nsi) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe O23 - Service: @%SystemRoot%system32pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%sysWow64perfhost.exe,-2 (PerfHost) - Unknown owner - C:WindowsSysWow64perfhost.exe O23 - Service: @%systemroot%system32pla.dll,-500 (pla) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: PnkBstrA - Unknown owner - C:Windowssystem32PnkBstrA.exe O23 - Service: @%SystemRoot%system32pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32umpo.dll,-100 (Power) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32profsvc.dll,-300 (ProfSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%system32qwave.dll,-1 (QWAVE) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%Systemroot%system32rasauto.dll,-200 (RasAuto) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%Systemroot%system32rasmans.dll,-200 (RasMan) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%windir%system32RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing) O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%System32SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32schedsvc.dll,-100 (Schedule) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32seclogon.dll,-7001 (seclogon) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32Sens.dll,-200 (SENS) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program Files (x86)SkypeUpdaterUpdater.exe O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing) O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing) O23 - Service: @%SystemRoot%system32sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe O23 - Service: @%SystemRoot%system32wiaservc.dll,-9 (stisvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32swprv.dll,-103 (swprv) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32tbssvc.dll,-100 (TBS) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32termsrv.dll,-268 (TermService) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32themeservice.dll,-8192 (Themes) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32mmcss.dll,-102 (THREADORDER) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32trkwks.dll,-1 (TrkWks) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%servicingTrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:WindowsservicingTrustedInstaller.exe O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%system32umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32upnphost.dll,-213 (upnphost) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing) O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing) O23 - Service: @%SystemRoot%system32w32time.dll,-200 (W32Time) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing) O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing) O23 - Service: @%systemroot%system32wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32webclnt.dll,-100 (WebClient) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32wersvc.dll,-100 (WerSvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%Systemroot%system32wbemwmisvc.dll,-205 (Winmgmt) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing) O23 - Service: @%SystemRoot%system32wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:Windowssystem32SearchIndexer.exe O23 - Service: @%systemroot%system32wuaueng.dll,-105 (wuauserv) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:Windowssystem32svchost.exe -- End of file - 21467 bytes the virus was identified as Win32/Cryptor im ready to follow all instructions as well as to dowload and install anyting necessary to repare my registry anyone who has time to help plz ? thanks in advance see my profile to learn about my pc and let me know if you need more info f Edited September 13, 2012 by forallbueaty Share this post Link to post Share on other sites
forallbueaty Report post Posted September 11, 2012 as instructed those are the dds log and the attach.txt thanks . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by Papa at 22:47:39 on 2012-09-10 Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3775 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:PROGRA~2AVGAVG2012avgrsa.exe C:Program Files (x86)AVGAVG2012avgcsrva.exe C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32svchost.exe -k RPCSS C:Windowssystem32atiesrxx.exe C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32atieclxx.exe C:Windowssystem32svchost.exe -k NetworkService C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe C:Program Files (x86)AVGAVG2012avgwdsvc.exe C:WindowsSystem32svchost.exe -k LocalServiceNoNetwork C:PROGRA~2AVANQU~1Fix-ItMxTask.exe C:Windowssystem32taskhost.exe C:WindowsExplorer.EXE C:Program FilesMicrosoft LifeCamMSCamS64.exe C:PROGRA~2AVANQU~1Fix-Itmxtask2.exe C:WindowsSysWOW64PnkBstrA.exe C:Windowssystem32svchost.exe -k imgsvc C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe C:WindowsvVX3000.exe C:WindowsSystem32rundll32.exe C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe C:Program Files (x86)AVGAVG2012avgtray.exe C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe C:Program Files (x86)Winampwinampa.exe C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe C:Program Files (x86)Common FilesJavaJava Updatejusched.exe C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe C:Program Files (x86)AVGAVG2012avgnsa.exe C:Program Files (x86)AVGAVG2012avgemca.exe C:Windowssystem32SearchIndexer.exe C:Program FilesWindows Media Playerwmpnetwk.exe C:Program Files (x86)Windows LiveMessengermsnmsgr.exe C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe C:Program Files (x86)AVGAVG2012avgui.exe C:Program Files (x86)Internet Exploreriexplore.exe C:Program Files (x86)Internet Exploreriexplore.exe C:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe C:Program Files (x86)Windows LiveContactswlcomm.exe C:UsersPapaDownloadsHijackThis.exe C:Windowssystem32SearchProtocolHost.exe C:Windowssystem32SearchFilterHost.exe C:Windowssystem32DllHost.exe C:Windowssystem32DllHost.exe C:WindowsSysWOW64cmd.exe C:Windowssystem32conhost.exe C:WindowsSysWOW64cscript.exe C:Windowssystem32wbemwmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.ca/ig mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:Program Files (x86)AVGAVG2012avgdtiex.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:Program Files (x86)AVGAVG2012avgssie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - C:Program Files (x86)CrossriderWebAppsCrossrider.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll uRun: [Facebook Update] "C:UsersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" /c /nocrashserver uRun: [rlneug] "C:WindowsSystem32rundll32.exe" "C:UsersPapaAppDataRoamingrlneug.dll",set_sPLT mRun: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe" mRun: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe" mRun: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe" mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml mRun: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe" mRun: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:Program Files (x86)AVGAVG2012avgdtiex.dll DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces{185D1B80-94AD-44E6-B843-6228F67257D8} : DhcpNameServer = 192.168.2.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} {9030D464-4C02-4ABF-8ECC-5164760863C6} {A876E312-7D08-401a-B7A6-FAFC5DC2F292} {DBC80044-A445-435b-BC74-9C25C1C588A9} mRun-x64: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe" mRun-x64: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe" mRun-x64: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe" mRun-x64: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml mRun-x64: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe" mRun-x64: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun mRun-x64: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe" . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:Windowssystem32DRIVERSavgidsha.sys --> C:Windowssystem32DRIVERSavgidsha.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:Windowssystem32DRIVERSavgrkx64.sys --> C:Windowssystem32DRIVERSavgrkx64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:Windowssystem32DRIVERSavgldx64.sys --> C:Windowssystem32DRIVERSavgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:Windowssystem32DRIVERSavgmfx64.sys --> C:Windowssystem32DRIVERSavgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:Windowssystem32DRIVERSavgtdia.sys --> C:Windowssystem32DRIVERSavgtdia.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:Windowssystem32atiesrxx.exe --> C:Windowssystem32atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe [2012-6-11 361984] R2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe [2012-5-9 328704] R2 AVGIDSAgent;AVGIDSAgent;C:Program Files (x86)AVGAVG2012avgidsagent.exe [2012-8-13 5167736] R2 avgwd;AVG WatchDog;C:Program Files (x86)AVGAVG2012avgwdsvc.exe [2012-2-14 193288] R2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;C:PROGRA~2AVANQU~1Fix-ItMxTask.exe -Service --> C:PROGRA~2AVANQU~1Fix-ItMxTask.exe -Service [?] R3 amdiox64;AMD IO Driver;C:Windowssystem32DRIVERSamdiox64.sys --> C:Windowssystem32DRIVERSamdiox64.sys [?] R3 amdkmdag;amdkmdag;C:Windowssystem32DRIVERSatikmdag.sys --> C:Windowssystem32DRIVERSatikmdag.sys [?] R3 amdkmdap;amdkmdap;C:Windowssystem32DRIVERSatikmpag.sys --> C:Windowssystem32DRIVERSatikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:Windowssystem32driversAtihdW76.sys --> C:Windowssystem32driversAtihdW76.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:Windowssystem32DRIVERSavgidsdrivera.sys --> C:Windowssystem32DRIVERSavgidsdrivera.sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:Windowssystem32DRIVERSavgidsfiltera.sys --> C:Windowssystem32DRIVERSavgidsfiltera.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2012-7-3 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-4-3 250568] S3 driverhardwarev2x64;driverhardwarev2x64;C:Program Filesma-config.comDriversdriverhardwarev2x64.sys [2011-7-21 16640] S3 maconfservice;Ma-Config Service;C:Program Filesma-config.comx64maconfservice.exe [2011-11-25 427640] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:Windowssystem32driversrdpvideominiport.sys --> C:Windowssystem32driversrdpvideominiport.sys [?] S3 TsUsbFlt;TsUsbFlt;C:Windowssystem32driverstsusbflt.sys --> C:Windowssystem32driverstsusbflt.sys [?] S3 WatAdminSvc;Service Windows Activation Technologies;C:Windowssystem32WatWatAdminSvc.exe --> C:Windowssystem32WatWatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-09-10 20:18:00 -------- d-----w- C:UsersPapaAppDataLocal{85E30EAB-4B4D-455A-860C-DF5152305EAA} 2012-09-10 18:28:14 -------- d-----w- C:UsersPapaAppDataLocal{4C3F087A-0EED-4C7E-8883-736C0C3297A2} 2012-09-10 01:59:07 -------- d-----w- C:UsersPapaAppDataLocal{DC69328E-E9A8-4F8F-927E-53CDF73A4653} 2012-09-09 01:58:28 -------- d-----w- C:UsersPapaAppDataLocal{4942C072-CEDD-4134-9FED-70175DB7E13F} 2012-09-08 13:58:03 -------- d-----w- C:UsersPapaAppDataLocal{4526F9E7-3A7C-4775-B894-1971604D56FB} 2012-09-08 01:57:38 -------- d-----w- C:UsersPapaAppDataLocal{ACF2F96A-751D-4F58-9D2E-8927911835B9} 2012-09-07 13:57:13 -------- d-----w- C:UsersPapaAppDataLocal{253B3B36-43FB-4392-A361-BF66F24C7B26} 2012-09-07 01:56:48 -------- d-----w- C:UsersPapaAppDataLocal{E88D8004-A655-4C2A-8D8F-31B4E66F1C6C} 2012-09-06 13:34:46 -------- d-----w- C:UsersPapaAppDataLocal{765699B6-41A4-47F9-80C1-BE1B1A2A8877} 2012-09-06 01:34:21 -------- d-----w- C:UsersPapaAppDataLocal{035F0375-112A-4927-B66E-7BDDC38FA4F3} 2012-09-05 01:27:43 -------- d-----w- C:UsersPapaAppDataLocal{FEAD323C-30F7-4705-B294-011939FCD00B} 2012-09-04 13:27:19 -------- d-----w- C:UsersPapaAppDataLocal{EE42C8D2-4A60-4118-B1BA-270144B06B6F} 2012-09-04 01:26:49 -------- d-----w- C:UsersPapaAppDataLocal{64B4AA6F-DE94-423B-AA3E-18D854D0B1BE} 2012-09-04 01:17:15 -------- d-----w- C:UsersPapaMes fichiers reçus 2012-09-02 00:56:31 -------- d-----w- C:UsersPapaAppDataLocal{C491865C-8626-4756-AA15-94FD0613E713} 2012-09-01 12:56:06 -------- d-----w- C:UsersPapaAppDataLocal{B879FBCC-A8CB-4599-A268-2212BBBEE339} 2012-09-01 00:55:36 -------- d-----w- C:UsersPapaAppDataLocal{4CA9856D-2009-4C70-B2AB-FBD0B9FF116E} 2012-08-31 10:27:11 -------- d-----w- C:UsersPapaAppDataLocal{E0177A7B-B254-4BFA-8F3A-F6598948113C} 2012-08-29 04:33:47 -------- d-----w- C:UsersPapaAppDataLocal{242CE880-66EF-4F46-88B1-318C52A0A75A} 2012-08-28 16:33:22 -------- d-----w- C:UsersPapaAppDataLocal{273B0523-A4D7-4067-9F5C-692A3C09947D} 2012-08-28 01:46:12 -------- d-----w- C:UsersPapaAppDataLocal{B8E8BD13-FEFF-46FC-A3D9-A29F5612F39A} 2012-08-26 22:12:26 -------- d-----w- C:UsersPapaAppDataLocal{2B401CBB-2656-40ED-9C03-97B3397A56C1} 2012-08-25 01:41:27 -------- d-----w- C:UsersPapaAppDataLocal{912EC5FB-DC4C-417E-A8A6-A16664F04707} 2012-08-24 19:43:16 384352 ----a-w- C:WindowsSystem32driversavgtdia.sys 2012-08-24 13:41:02 -------- d-----w- C:UsersPapaAppDataLocal{C317BD23-A3CF-4408-A4B7-CF6E739D3FE2} 2012-08-24 01:40:37 -------- d-----w- C:UsersPapaAppDataLocal{775980D0-DF37-4A9E-8AA3-35CC7B860362} 2012-08-23 12:40:46 -------- d-----w- C:UsersPapaAppDataLocal{D083C19B-467C-43CD-BCC8-FBEFC76149EC} 2012-08-22 17:49:40 -------- d-----w- C:UsersPapaAppDataLocal{398B7A4E-08BA-453F-8338-1030277359F8} 2012-08-22 01:33:25 -------- d-----w- C:UsersPapaAppDataLocal{0A817F48-1A0F-4F24-8C2D-325B4419AFC6} 2012-08-21 00:41:14 -------- d-----w- C:UsersPapaAppDataLocal{0968E816-C6B5-493D-B793-9AEC0A6459A0} 2012-08-20 12:40:49 -------- d-----w- C:UsersPapaAppDataLocal{BA5CE7CB-C403-4505-99D0-F68FA84F8B9B} 2012-08-19 16:14:36 -------- d-----w- C:UsersPapaAppDataLocal{4A026A8F-1F99-4B7F-AA27-45A95F28C78D} 2012-08-19 04:14:10 -------- d-----w- C:UsersPapaAppDataLocal{E6B12D4D-2021-42B2-93A7-77E00BF451F1} 2012-08-18 15:56:16 -------- d-----w- C:Program Filesprogrutilisés 2012-08-18 15:42:05 -------- d-----w- C:Program Files (x86)AMD APP 2012-08-18 15:19:12 -------- d-----w- C:UsersPapaAppDataLocal{7A7212DE-991F-444D-9970-7F3725D98B7F} 2012-08-18 15:19:00 -------- d-----w- C:UsersPapaAppDataLocal{FDC41350-C8A2-45CC-B9C0-38DA910F3002} 2012-08-18 03:18:34 -------- d-----w- C:UsersPapaAppDataLocal{4416FB0C-FC13-46CE-A1CA-8C2D14744D75} 2012-08-18 03:18:22 -------- d-----w- C:UsersPapaAppDataLocal{5E07D33B-D052-45D5-BE79-C3435D5825C3} 2012-08-17 15:17:57 -------- d-----w- C:UsersPapaAppDataLocal{02CC49D4-2179-4A5C-929C-A096D3BC96D6} 2012-08-17 03:17:33 -------- d-----w- C:UsersPapaAppDataLocal{7030F170-9DCE-43C9-87D4-30AC756F5335} 2012-08-17 03:17:21 -------- d-----w- C:UsersPapaAppDataLocal{45AFBC88-813A-43CE-8F1F-1188107C9D23} 2012-08-16 15:16:55 -------- d-----w- C:UsersPapaAppDataLocal{1D971F47-2595-47F9-A317-8572AE22E8D2} 2012-08-16 15:16:43 -------- d-----w- C:UsersPapaAppDataLocal{3239C2F0-FF2F-4D32-9C77-4A7DE0C82C33} 2012-08-16 03:16:18 -------- d-----w- C:UsersPapaAppDataLocal{02497438-BA48-41CA-81F7-C09802AA8BDE} 2012-08-16 03:16:06 -------- d-----w- C:UsersPapaAppDataLocal{37B087BB-2EC4-4445-9E9E-6A925EF3E245} 2012-08-15 15:15:40 -------- d-----w- C:UsersPapaAppDataLocal{874F3B1B-0C09-4EA5-B4E2-A3E8D3128C58} 2012-08-15 15:15:27 -------- d-----w- C:UsersPapaAppDataLocal{29229140-5349-46A0-BD32-CF32F65DCEE8} 2012-08-15 14:56:25 -------- d-----w- C:UsersPapaAppDataLocal{A756F21C-FD62-4BE3-AFE4-54AD32E9073E} 2012-08-15 00:39:44 503808 ----a-w- C:WindowsSystem32srcore.dll 2012-08-15 00:39:43 43008 ----a-w- C:WindowsSysWow64srclient.dll 2012-08-15 00:32:12 751104 ----a-w- C:WindowsSystem32win32spl.dll 2012-08-15 00:32:12 67072 ----a-w- C:Windowssplwow64.exe 2012-08-15 00:32:12 559104 ----a-w- C:WindowsSystem32spoolsv.exe 2012-08-15 00:32:12 492032 ----a-w- C:WindowsSysWow64win32spl.dll 2012-08-15 00:26:55 59392 ----a-w- C:WindowsSystem32browcli.dll 2012-08-15 00:26:55 41984 ----a-w- C:WindowsSysWow64browcli.dll 2012-08-15 00:26:55 136704 ----a-w- C:WindowsSystem32browser.dll 2012-08-15 00:26:26 3148800 ----a-w- C:WindowsSystem32win32k.sys 2012-08-15 00:24:52 956928 ----a-w- C:WindowsSystem32localspl.dll 2012-08-14 23:31:47 -------- d-----w- C:UsersPapaAppDataLocal{85EE8171-1A06-4B34-9D9B-1F082711B160} 2012-08-14 11:31:22 -------- d-----w- C:UsersPapaAppDataLocal{58C20C59-A850-4463-858E-4C1EE895A962} 2012-08-14 11:31:09 -------- d-----w- C:UsersPapaAppDataLocal{F2C67B72-6464-4473-B8D7-021837438F1C} 2012-08-13 15:02:52 -------- d-----w- C:UsersPapaAppDataLocal{02E678B2-E580-4E9A-8472-E5ACC8A0EACD} 2012-08-13 03:02:27 -------- d-----w- C:UsersPapaAppDataLocal{DFDF81B8-02D3-4988-A206-32BBED371D4B} 2012-08-13 03:02:15 -------- d-----w- C:UsersPapaAppDataLocal{8986DB83-8088-47CA-A38A-98BA2367CE2E} 2012-08-12 15:01:50 -------- d-----w- C:UsersPapaAppDataLocal{4918AB2D-70BE-4270-A8F5-9299BEBD5A39} 2012-08-12 15:01:34 -------- d-----w- C:UsersPapaAppDataLocal{5ACFE5CF-E924-454B-AF23-56DED30F3558} 2012-08-12 03:01:09 -------- d-----w- C:UsersPapaAppDataLocal{E91383BA-1422-4412-A10C-76DCD83F4AFE} 2012-08-12 03:00:56 -------- d-----w- C:UsersPapaAppDataLocal{97406117-3F82-4575-8B93-F8D09EE89727} . ==================== Find3M ==================== . 2012-09-01 01:53:10 281152 ----a-w- C:WindowsSysWow64PnkBstrB.xtr 2012-09-01 01:53:10 281152 ----a-w- C:WindowsSysWow64PnkBstrB.exe 2012-08-31 04:25:27 281152 ----a-w- C:WindowsSysWow64PnkBstrB.ex0 2012-08-26 22:18:02 73416 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl 2012-08-26 22:18:02 696520 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe 2012-07-28 04:09:20 5538984 ----a-w- C:WindowsSysWow64atiumdag.dll 2012-07-28 04:07:44 10278912 ----a-w- C:WindowsSystem32driversatikmdag.sys 2012-07-28 03:43:12 70144 ----a-w- C:WindowsSystem32coinst_8.982.dll 2012-07-28 03:19:34 24935424 ----a-w- C:WindowsSystem32atio6axx.dll 2012-07-28 02:50:10 20546560 ----a-w- C:WindowsSysWow64atioglxx.dll 2012-07-28 02:47:40 187392 ----a-w- C:WindowsSystem32clinfo.exe 2012-07-28 02:47:24 75776 ----a-w- C:WindowsSystem32OpenVideo64.dll 2012-07-28 02:47:16 65024 ----a-w- C:WindowsSysWow64OpenVideo.dll 2012-07-28 02:47:10 63488 ----a-w- C:WindowsSystem32OVDecode64.dll 2012-07-28 02:47:06 56320 ----a-w- C:WindowsSysWow64OVDecode.dll 2012-07-28 02:46:56 16464896 ----a-w- C:WindowsSystem32amdocl64.dll 2012-07-28 02:46:06 13013504 ----a-w- C:WindowsSysWow64amdocl.dll 2012-07-28 02:15:50 163840 ----a-w- C:WindowsSystem32atiapfxx.exe 2012-07-28 02:15:42 931328 ----a-w- C:WindowsSysWow64aticfx32.dll 2012-07-28 02:13:56 1100288 ----a-w- C:WindowsSystem32aticfx64.dll 2012-07-28 02:10:40 442368 ----a-w- C:WindowsSystem32ATIDEMGX.dll 2012-07-28 02:10:34 534528 ----a-w- C:WindowsSystem32atieclxx.exe 2012-07-28 02:09:44 239616 ----a-w- C:WindowsSystem32atiesrxx.exe 2012-07-28 02:08:20 120320 ----a-w- C:WindowsSystem32atitmm64.dll 2012-07-28 02:08:04 21504 ----a-w- C:WindowsSystem32atimuixx.dll 2012-07-28 02:07:58 59392 ----a-w- C:WindowsSystem32atiedu64.dll 2012-07-28 02:07:52 43520 ----a-w- C:WindowsSysWow64ati2edxx.dll 2012-07-28 02:07:10 6430208 ----a-w- C:WindowsSysWow64atidxx32.dll 2012-07-28 01:51:12 7052288 ----a-w- C:WindowsSystem32atidxx64.dll 2012-07-28 01:41:32 4266496 ----a-w- C:WindowsSystem32atiumd6a.dll 2012-07-28 01:35:10 51200 ----a-w- C:WindowsSystem32aticalrt64.dll 2012-07-28 01:35:08 46080 ----a-w- C:WindowsSysWow64aticalrt.dll 2012-07-28 01:35:02 44544 ----a-w- C:WindowsSystem32aticalcl64.dll 2012-07-28 01:35:00 44032 ----a-w- C:WindowsSysWow64aticalcl.dll 2012-07-28 01:34:48 16034304 ----a-w- C:WindowsSystem32aticaldd64.dll 2012-07-28 01:32:32 4751872 ----a-w- C:WindowsSysWow64atiumdva.dll 2012-07-28 01:30:10 13605888 ----a-w- C:WindowsSysWow64aticaldd.dll 2012-07-28 01:25:52 6676480 ----a-w- C:WindowsSystem32atiumd64.dll 2012-07-28 01:15:32 540160 ----a-w- C:WindowsSystem32atiadlxx.dll 2012-07-28 01:15:22 368640 ----a-w- C:WindowsSysWow64atiadlxy.dll 2012-07-28 01:15:12 17920 ----a-w- C:WindowsSystem32atig6pxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:WindowsSysWow64atiglpxx.dll 2012-07-28 01:15:08 14848 ----a-w- C:WindowsSystem32atiglpxx.dll 2012-07-28 01:15:04 41984 ----a-w- C:WindowsSystem32atig6txx.dll 2012-07-28 01:14:56 33280 ----a-w- C:WindowsSysWow64atigktxx.dll 2012-07-28 01:14:46 368640 ----a-w- C:WindowsSystem32driversatikmpag.sys 2012-07-28 01:13:54 129536 ----a-w- C:WindowsSystem32atiuxp64.dll 2012-07-28 01:13:48 109568 ----a-w- C:WindowsSysWow64atiuxpag.dll 2012-07-28 01:13:40 103936 ----a-w- C:WindowsSystem32atiu9p64.dll 2012-07-28 01:13:32 83456 ----a-w- C:WindowsSysWow64atiu9pag.dll 2012-07-28 01:12:54 53248 ----a-w- C:WindowsSystem32driversati2erec.dll 2012-07-28 01:08:42 56320 ----a-w- C:WindowsSystem32atimpc64.dll 2012-07-28 01:08:42 56320 ----a-w- C:WindowsSystem32amdpcom64.dll 2012-07-28 01:08:36 56832 ----a-w- C:WindowsSysWow64atimpc32.dll 2012-07-28 01:08:36 56832 ----a-w- C:WindowsSysWow64amdpcom32.dll 2012-07-26 07:21:28 291680 ----a-w- C:WindowsSystem32driversavgldx64.sys 2012-06-29 03:56:34 2312704 ----a-w- C:WindowsSystem32jscript9.dll 2012-06-29 03:49:11 1392128 ----a-w- C:WindowsSystem32wininet.dll 2012-06-29 03:48:07 1494528 ----a-w- C:WindowsSystem32inetcpl.cpl 2012-06-29 03:43:49 173056 ----a-w- C:WindowsSystem32ieUnatt.exe 2012-06-29 03:39:48 2382848 ----a-w- C:WindowsSystem32mshtml.tlb 2012-06-29 00:16:58 1800704 ----a-w- C:WindowsSysWow64jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- C:WindowsSysWow64wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- C:WindowsSysWow64inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- C:WindowsSysWow64ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb 2012-06-28 02:49:48 76888 ----a-w- C:WindowsSysWow64PnkBstrA.exe 2012-06-27 09:36:17 682280 ----a-w- C:WindowsSysWow64pbsvc.exe . ============= FINISH: 22:48:37,42 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Édition Intégrale Boot Device: DeviceHarddiskVolume1 Install Date: 2011-06-25 14:35:01 System Uptime: 2012-09-10 21:24:30 (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | M2N Processor: AMD Athlon 64 X2 Dual Core Processor 3800+ | CPU 1 | 2009/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 149 GiB total, 40,113 GiB free. D: is CDROM () E: is CDROM (UDF) F: is FIXED (NTFS) - 289 GiB total, 185,295 GiB free. G: is FIXED (NTFS) - 10 GiB total, 9,454 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP146: 2012-09-04 23:11:58 - Point de contrôle planifié RP147: 2012-09-10 13:49:34 - Opération de restauration RP148: 2012-09-10 21:20:42 - Windows Update . ==== Installed Programs ====================== . AC3Filter 1.63b Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.2 AMD VISION Engine Control Center Apple Application Support Apple Software Update µTorrent Battlefield 2: Deluxe Edition Battlefield: Bad Company™ 2 Call of Duty: Black Ops Call of Duty: Black Ops - Multiplayer Call of Duty: World at War Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Company of Heroes Crossrider Web Apps D3DX10 DivX Web Player DVD Shrink 3.2 eReg Facebook Video Calling 1.2.0.159 Fix-It Fix-It Utilities 11 Essentials InFlac 1.1.1 Java Auto Updater Java 7 Update 5 JavaFX 2.1.1 Malwarebytes Anti-Malware version 1.61.0.1400 Medal of Honor Allied Assault Medal of Honor Allied Assault Breakthrough Microsoft Corporation Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT NVIDIA ForceWare Network Access Manager OpenOffice.org 3.3 PC Speed Maximizer v2.1 PokerStars PunkBuster Services QuickTime Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) Skype™ 5.10 Steam TeamSpeak 3 Client Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VC80CRTRedist - 8.0.50727.6195 Veetle TV 0.9.18 Veoh Web Player Visual Studio 2008 x64 Redistributables Winamp Winamp Detector Plug-in Windows Live Windows Live Communications Platform Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR 4.11 (32-bit) Xfire (remove only) . ==== End Of File =========================== Share this post Link to post Share on other sites
forallbueaty Report post Posted September 11, 2012 i runned the hijackthis.exe with administrator rights and obtained this : Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:04:24, on 2012-09-11 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal Running processes: C:WindowsvVX3000.exe C:Program Files (x86)AVGAVG2012avgtray.exe C:Program Files (x86)Winampwinampa.exe C:Program Files (x86)Common FilesJavaJava Updatejusched.exe C:Program Files (x86)Windows LiveMessengermsnmsgr.exe C:Program Files (x86)Windows LiveContactswlcomm.exe C:Program Files (x86)Internet ExplorerIELowutil.exe C:UsersPapaDownloadsHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ca/ig R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:Program Files (x86)AVGAVG2012avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:Program Files (x86)CrossriderWebAppsCrossrider.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll O4 - HKLM..Run: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe" O4 - HKLM..Run: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe" O4 - HKLM..Run: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe" O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" O4 - HKLM..Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe" O4 - HKLM..Run: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe" O4 - HKCU..Run: [Facebook Update] "C:UsersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" /c /nocrashserver O4 - HKCU..Run: [rlneug] "C:WindowsSystem32rundll32.exe" "C:UsersPapaAppDataRoamingrlneug.dll",set_sPLT O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'SERVICE LOCAL') O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'SERVICE LOCAL') O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'SERVICE RÉSEAU') O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'SERVICE RÉSEAU') O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:Program Files (x86)AVGAVG2012avgdtiex.dll O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%system32aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:Windowssystem32atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Unknown owner - C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe O23 - Service: @%systemroot%system32appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32appinfo.dll,-100 (Appinfo) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: AvanquestWindowsMonitorService - Unknown owner - C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012avgwdsvc.exe O23 - Service: @%SystemRoot%system32AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32bdesvc.dll,-100 (BDESVC) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32qmgr.dll,-1000 (BITS) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32browser.dll,-100 (Browser) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32bthserv.dll,-101 (bthserv) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32certprop.dll,-11 (CertPropSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32cscsvc.dll,-200 (CscService) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32defragsvc.dll,-101 (defragsvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32dnsapi.dll,-101 (Dnscache) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32dps.dll,-500 (DPS) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32eapsvc.dll,-1 (EapHost) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%ehomeehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:WindowsehomeehRecvr.exe O23 - Service: @%SystemRoot%ehomeehsched.exe,-101 (ehSched) - Unknown owner - C:Windowsehomeehsched.exe O23 - Service: @%SystemRoot%system32wevtsvc.dll,-200 (eventlog) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing) O23 - Service: @%systemroot%system32fdPHost.dll,-100 (fdPHost) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32fdrespub.dll,-100 (FDResPub) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: Fix-It Essentials Task Manager - Avanquest Software - C:PROGRA~2AVANQU~1Fix-ItMxTask.exe O23 - Service: @%systemroot%system32FntCache.dll,-100 (FontCache) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32hidserv.dll,-101 (hidserv) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32ikeext.dll,-501 (IKEEXT) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32lltdres.dll,-1 (lltdsvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:Program Filesma-config.comx64maconfservice.exe O23 - Service: @%systemroot%system32mmcss.dll,-100 (MMCSS) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing) O23 - Service: @%SystemRoot%system32iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32msimsg.dll,-27 (msiserver) - Unknown owner - C:Windowssystem32msiexec.exe O23 - Service: @%SystemRoot%system32qagentrt.dll,-6 (napagent) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%system32netman.dll,-109 (Netman) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32netprofm.dll,-202 (netprofm) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32nsisvc.dll,-200 (nsi) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe O23 - Service: @%SystemRoot%system32pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%sysWow64perfhost.exe,-2 (PerfHost) - Unknown owner - C:WindowsSysWow64perfhost.exe O23 - Service: @%systemroot%system32pla.dll,-500 (pla) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: PnkBstrA - Unknown owner - C:Windowssystem32PnkBstrA.exe O23 - Service: @%SystemRoot%system32pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32umpo.dll,-100 (Power) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32profsvc.dll,-300 (ProfSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%system32qwave.dll,-1 (QWAVE) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%Systemroot%system32rasauto.dll,-200 (RasAuto) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%Systemroot%system32rasmans.dll,-200 (RasMan) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%windir%system32RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing) O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%System32SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32schedsvc.dll,-100 (Schedule) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32seclogon.dll,-7001 (seclogon) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32Sens.dll,-200 (SENS) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program Files (x86)SkypeUpdaterUpdater.exe O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing) O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing) O23 - Service: @%SystemRoot%system32sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe O23 - Service: @%SystemRoot%system32wiaservc.dll,-9 (stisvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32swprv.dll,-103 (swprv) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32tbssvc.dll,-100 (TBS) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32termsrv.dll,-268 (TermService) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32themeservice.dll,-8192 (Themes) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32mmcss.dll,-102 (THREADORDER) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32trkwks.dll,-1 (TrkWks) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%servicingTrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:WindowsservicingTrustedInstaller.exe O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%system32umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32upnphost.dll,-213 (upnphost) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing) O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing) O23 - Service: @%SystemRoot%system32w32time.dll,-200 (W32Time) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing) O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing) O23 - Service: @%systemroot%system32wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%systemroot%system32webclnt.dll,-100 (WebClient) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%System32wersvc.dll,-100 (WerSvc) - Unknown owner - C:WindowsSystem32svchost.exe O23 - Service: @%SystemRoot%system32winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%Systemroot%system32wbemwmisvc.dll,-205 (Winmgmt) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing) O23 - Service: @%SystemRoot%system32wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:Windowssystem32SearchIndexer.exe O23 - Service: @%systemroot%system32wuaueng.dll,-105 (wuauserv) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%system32wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:Windowssystem32svchost.exe O23 - Service: @%SystemRoot%System32wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:Windowssystem32svchost.exe -- End of file - 21711 bytes Share this post Link to post Share on other sites
Tomk_ Report post Posted September 11, 2012 Hi forallbueaty, , My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following: I will be working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for the issues on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic. utorrentYou have utorrent, a P2P/file sharing programs installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. References for the risk of these programs can be found in these links: http://www.microsoft...protection.mspx http://www.techweb.com/wire/160500554 http://www.internetw...cles/art053.htm I would recommend that you uninstall utorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs. If you wish to keep it, please do not use it until your computer is cleaned. As we work through your logs. Please remember to run any tools by Right-clicking on the icon and selecting Run As Administrator.... Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html Double click on ComboFix.exe & follow the prompts. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Notes: 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions. 3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. Share this post Link to post Share on other sites
forallbueaty Report post Posted September 12, 2012 hi tomk, i wont erase utorrent , i knew the risks, but i wont start it til' you tell me that my pc is clean you didnt say if you were to restore my registry you said malware i have runned malwarebytes without finding if you find some plz tell it to me so im up to date are you going to use hijackthis or not after combo? and why? i appreciated your help thank you f here the combofix log hope everything is at your liking ComboFix 12-09-11.02 - Papa 2012-09-11 22:18:34.1.2 - x64 Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3996 [GMT -4:00] Lancé depuis: c:usersPapaDownloadsComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:usersPapaAppDataLocalTempDIR c:usersPapaAppDataLocalTempDIRGFInstallerAppName.txt c:usersPapaAppDataLocalTempDIRGFInstallerChannel.txt c:usersPapaAppDataLocalTempDIRGFInstallerDownloadURL.txt c:usersPapaAppDataLocalTempDIRGFInstallerGFInstaller.exe . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-08-12 au 2012-09-12 )))))))))))))))))))))))))))))))))))) . . 2012-09-11 23:07 . 2012-08-22 18:12 1913200 ----a-w- c:windowssystem32driverstcpip.sys 2012-09-11 23:06 . 2012-08-22 18:12 376688 ----a-w- c:windowssystem32driversnetio.sys 2012-09-11 23:06 . 2012-08-22 18:12 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS 2012-09-11 22:59 . 2012-08-22 18:12 950128 ----a-w- c:windowssystem32driversndis.sys 2012-09-11 22:59 . 2012-07-04 20:26 41472 ----a-w- c:windowssystem32driversRNDISMP.sys 2012-09-11 22:57 . 2012-08-02 17:58 574464 ----a-w- c:windowssystem32d3d10level9.dll 2012-09-11 22:57 . 2012-08-02 16:57 490496 ----a-w- c:windowsSysWow64d3d10level9.dll 2012-09-07 16:19 . 2012-09-10 17:53 -------- d-----w- c:usersPapaAppDataRoamingDeepBurner 2012-09-04 01:17 . 2012-09-04 01:17 -------- d-----w- c:usersPapaMes fichiers reçus 2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:windowssystem32driversavgtdia.sys 2012-08-18 15:56 . 2012-08-18 15:57 -------- d-----w- c:program filesprogrutilisés 2012-08-18 15:42 . 2012-08-18 15:42 -------- d-----w- c:program files (x86)AMD APP 2012-08-15 00:39 . 2012-05-05 08:36 503808 ----a-w- c:windowssystem32srcore.dll 2012-08-15 00:39 . 2012-05-05 07:46 43008 ----a-w- c:windowsSysWow64srclient.dll 2012-08-15 00:32 . 2012-02-11 06:43 751104 ----a-w- c:windowssystem32win32spl.dll 2012-08-15 00:32 . 2012-02-11 06:36 559104 ----a-w- c:windowssystem32spoolsv.exe 2012-08-15 00:32 . 2012-02-11 06:36 67072 ----a-w- c:windowssplwow64.exe 2012-08-15 00:32 . 2012-02-11 05:43 492032 ----a-w- c:windowsSysWow64win32spl.dll 2012-08-15 00:26 . 2012-07-04 22:16 73216 ----a-w- c:windowssystem32netapi32.dll 2012-08-15 00:26 . 2012-07-04 22:13 59392 ----a-w- c:windowssystem32browcli.dll 2012-08-15 00:26 . 2012-07-04 22:13 136704 ----a-w- c:windowssystem32browser.dll 2012-08-15 00:26 . 2012-07-04 21:14 41984 ----a-w- c:windowsSysWow64browcli.dll 2012-08-15 00:26 . 2012-07-18 18:15 3148800 ----a-w- c:windowssystem32win32k.sys 2012-08-15 00:24 . 2012-05-14 05:26 956928 ----a-w- c:windowssystem32localspl.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 01:28 . 2011-06-27 04:07 64462936 ----a-w- c:windowssystem32MRT.exe 2012-09-01 01:53 . 2011-07-02 23:23 281152 ----a-w- c:windowsSysWow64PnkBstrB.xtr 2012-09-01 01:53 . 2011-06-26 23:56 281152 ----a-w- c:windowsSysWow64PnkBstrB.exe 2012-08-31 04:25 . 2011-06-26 23:56 281152 ----a-w- c:windowsSysWow64PnkBstrB.ex0 2012-08-26 22:18 . 2012-04-03 11:56 696520 ----a-w- c:windowsSysWow64FlashPlayerApp.exe 2012-08-26 22:18 . 2011-06-26 14:59 73416 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:windowsSysWow64atiumdag.dll 2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:windowssystem32driversatikmdag.sys 2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:windowssystem32coinst_8.982.dll 2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:windowssystem32atio6axx.dll 2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:windowsSysWow64atioglxx.dll 2012-07-28 02:47 . 2012-07-28 02:47 187392 ----a-w- c:windowssystem32clinfo.exe 2012-07-28 02:47 . 2012-07-28 02:47 75776 ----a-w- c:windowssystem32OpenVideo64.dll 2012-07-28 02:47 . 2012-07-28 02:47 65024 ----a-w- c:windowsSysWow64OpenVideo.dll 2012-07-28 02:47 . 2012-07-28 02:47 63488 ----a-w- c:windowssystem32OVDecode64.dll 2012-07-28 02:47 . 2012-07-28 02:47 56320 ----a-w- c:windowsSysWow64OVDecode.dll 2012-07-28 02:46 . 2012-07-28 02:46 16464896 ----a-w- c:windowssystem32amdocl64.dll 2012-07-28 02:46 . 2012-07-28 02:46 13013504 ----a-w- c:windowsSysWow64amdocl.dll 2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:windowssystem32atiapfxx.exe 2012-07-28 02:15 . 2012-04-06 02:21 931328 ----a-w- c:windowsSysWow64aticfx32.dll 2012-07-28 02:13 . 2012-07-28 02:13 1100288 ----a-w- c:windowssystem32aticfx64.dll 2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:windowssystem32ATIDEMGX.dll 2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:windowssystem32atieclxx.exe 2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:windowssystem32atiesrxx.exe 2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:windowssystem32atitmm64.dll 2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:windowssystem32atimuixx.dll 2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:windowssystem32atiedu64.dll 2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:windowsSysWow64ati2edxx.dll 2012-07-28 02:07 . 2012-04-06 02:13 6430208 ----a-w- c:windowsSysWow64atidxx32.dll 2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:windowssystem32atidxx64.dll 2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:windowssystem32atiumd6a.dll 2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:windowssystem32aticalrt64.dll 2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:windowsSysWow64aticalrt.dll 2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:windowssystem32aticalcl64.dll 2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:windowsSysWow64aticalcl.dll 2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:windowssystem32aticaldd64.dll 2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:windowsSysWow64atiumdva.dll 2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:windowsSysWow64aticaldd.dll 2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:windowssystem32atiumd64.dll 2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:windowssystem32atiadlxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:windowsSysWow64atiadlxy.dll 2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:windowssystem32atig6pxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:windowsSysWow64atiglpxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:windowssystem32atiglpxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:windowssystem32atig6txx.dll 2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:windowsSysWow64atigktxx.dll 2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:windowssystem32driversatikmpag.sys 2012-07-28 01:13 . 2012-07-28 01:13 129536 ----a-w- c:windowssystem32atiuxp64.dll 2012-07-28 01:13 . 2012-04-06 01:09 109568 ----a-w- c:windowsSysWow64atiuxpag.dll 2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:windowssystem32atiu9p64.dll 2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:windowsSysWow64atiu9pag.dll 2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:windowssystem32driversati2erec.dll 2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:windowssystem32atimpc64.dll 2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:windowssystem32amdpcom64.dll 2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:windowsSysWow64atimpc32.dll 2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:windowsSysWow64amdpcom32.dll 2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:windowssystem32driversavgldx64.sys 2012-06-28 02:49 . 2011-06-26 23:56 76888 ----a-w- c:windowsSysWow64PnkBstrA.exe 2012-06-27 09:36 . 2012-06-27 09:36 682280 ----a-w- c:windowsSysWow64pbsvc.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:windowswinsxsamd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973user32.dll [-] 2011-07-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:windowssystem32user32.dll . [-] 2011-07-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:windowsSysWOW64user32.dll [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:windowswinsxswow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6euser32.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Facebook Update"="c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" [2012-07-11 138096] . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2012-07-31 2596984] "LifeCam"="c:program files (x86)Microsoft LifeCamLifeExp.exe" [2010-05-20 119152] "WinampAgent"="c:program files (x86)Winampwinampa.exe" [2011-06-30 74752] "Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-11 919008] "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2011-09-27 59240] "SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-01-17 252296] "StartCCC"="c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2012-06-11 641704] "Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-07-31 38872] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager] BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe [2012-07-03 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-26 250568] R3 driverhardwarev2x64;driverhardwarev2x64;c:program filesma-config.comDriversdriverhardwarev2x64.sys [2011-07-21 16640] R3 maconfservice;Ma-Config Service;c:program filesma-config.comx64maconfservice.exe [2011-11-25 427640] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 20992] R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x] R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x] R3 WatAdminSvc;Service Windows Activation Technologies;c:windowssystem32WatWatAdminSvc.exe [2011-07-27 1255736] S0 AVGIDSHA;AVGIDSHA;c:windowssystem32DRIVERSavgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [2012-01-31 36944] S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [2012-07-26 291680] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [2012-08-24 384352] S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2012-07-28 239616] S2 AMD FUEL Service;AMD FUEL Service;c:program filesATI TechnologiesATI.ACEFuelFuel.Service.exe [2012-06-11 361984] S2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;c:program files (x86)AvanquestFix-ItAVQWinMonEngine.exe [2010-11-16 328704] S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2012-08-13 5167736] S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2012-02-14 193288] S2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;c:progra~2AVANQU~1Fix-ItMxTask.exe [2010-11-16 882816] S3 amdiox64;AMD IO Driver;c:windowssystem32DRIVERSamdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2012-07-28 10278912] S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2012-07-28 368640] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW76.sys [2012-05-14 96896] S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSavgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSavgidsfiltera.sys [2011-12-23 29776] . . --- Autres Services/Pilotes en mémoire --- . *NewlyCreated* - WS2IFSL . Contenu du dossier 'Tâches planifiées' . 2012-09-12 c:windowsTasksAdobe Flash Player Updater.job - c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-03 22:18] . 2012-09-11 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000Core.job - c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe [2012-02-15 22:11] . 2012-09-12 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000UA.job - c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe [2012-02-15 22:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "VX3000"="c:windowsvVX3000.exe" [2010-05-20 762736] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows] "LoadAppInit_DLLs"=0x0 . ------- Examen supplémentaire ------- . uLocal Page = c:windowssystem32blank.htm uStart Page = hxxp://www.google.ca/ig mLocal Page = c:windowsSysWOW64blank.htm TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHELINS SUPPRIMES - - - - . Wow6432Node-HKCU-Run-rlneug - c:usersPapaAppDataRoamingrlneug.dll AddRemove-PunkBusterSvc - c:windowssystem32pbsvc.exe . . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . ------------------------ Autres processus actifs ------------------------ . c:windowsSysWOW64PnkBstrA.exe c:progra~2AVANQU~1Fix-Itmxtask2.exe . ************************************************************************** . Heure de fin: 2012-09-11 22:55:31 - La machine a redémarré ComboFix-quarantined-files.txt 2012-09-12 02:55 . Avant-CF: 42 208 088 064 octets libres Après-CF: 41 588 035 584 octets libres . - - End Of File - - 886C9F6A01008AFFDEE13E0CF91CE62E Share this post Link to post Share on other sites
Tomk_ Report post Posted September 12, 2012 I don't think hijackthis works very well with windows 7. I can do everything with ComboFix that I can do with Hijackthis... plus a whole lot more. Let's get an online scan. This will take a long time. Probably hours. Go here to run an online scanner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activeX control to install Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan Wait for the scan to finish When the scan completes, press the LIST OF THREATS FOUND button Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop Include the contents of this report in your next reply. Press the BACK button. Press Finish Share this post Link to post Share on other sites
forallbueaty Report post Posted September 13, 2012 (edited) hey Tomk how are you today? i chked Kantaris its a media player dont know where it comes from maybe i use it when i look at movies on the net i try to store my things in F: so i have more place to run the programs hope i didnt scrap my F: heres the ESETSCAN.txt you asked C:Program Files (x86)AvanquestFix-ItW32Int13.dll a variant of Win32/Kryptik.FNT trojan C:Program Files (x86)PC Speed MaximizerPCSpeedMaximizer.exe a variant of Win32/SpeedingUpMyPC application C:UsersPapaDownloadsnouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application C:UsersPapaDownloadsnouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application C:UsersPapaVideosAutoCAD LT 2009 x64AutoCAD LT 2009Keygen.exe a variant of Win32/Keygen.BT application F:alain_driversKantaris_0.7.7_setup.exe Win32/OpenCandy application F:alain_driverswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application F:mesvieuyxnouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application F:mesvieuyxnouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application F:musiquenouvdownsKantaris_0.7.7_setup.exe Win32/OpenCandy application F:musiquenouvdownswinamp562_full_emusic-7plus_all.exe Win32/OpenCandy application Edited September 13, 2012 by forallbueaty Share this post Link to post Share on other sites
Tomk_ Report post Posted September 13, 2012 I believe we can clean all that up. The ones that are marked "Win32/OpenCandy application" are adware. PC speed maximizer is just garbage. It won't make your PC any faster but will actually use up resources and most likely will slow it down. The worst thing showing is the trojan. COMBOFIX-Script Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below: File:: C:\Program Files (x86)\Avanquest\Fix-It\W32Int13.dll C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe C:\Users\Papa\Downloads\nouvdowns\Kantaris_0.7.7_setup.exe C:\Users\Papa\Downloads\nouvdowns\winamp562_full_emusic-7plus_all.exe C:\Users\Papa\Videos\AutoCAD LT 2009 x64\AutoCAD LT 2009\Keygen.exe F:\alain_drivers\Kantaris_0.7.7_setup.exe F:\alain_drivers\winamp562_full_emusic-7plus_all.exe F:\mesvieuyx\nouvdowns\Kantaris_0.7.7_setup.exe F:\mesvieuyx\nouvdowns\winamp562_full_emusic-7plus_all.exe F:\musique\nouvdowns\Kantaris_0.7.7_setup.exe F:\musique\nouvdowns\winamp562_full_emusic-7plus_all.exe Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. Share this post Link to post Share on other sites
forallbueaty Report post Posted September 13, 2012 Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. was wondering didnt had my combofix on my desktop so i found combofix somewhere and dragged a shortcut to my desktop will it work the same ?probably the same, yes? Share this post Link to post Share on other sites
Tomk_ Report post Posted September 14, 2012 Nope. Won't work to drag it into a shortcut. Need to drag it into the .exe file. You've got it in your downloads folder. Either move it to your desktop... or redownload it and put it on your desktop this time. Share this post Link to post Share on other sites
forallbueaty Report post Posted September 14, 2012 hey Tomk how are you i dowloaded combofix again directly to the desktop its the 1st time that i do that do you have many application on your pc installed on the desktop?? lol got a window though saying smartscreen has detect combofix and think it could harm your pc: i understand combofix cant run when my AVG is running but its scary is smartscreen a part of AVG, what do you think ? f Share this post Link to post Share on other sites
Tomk_ Report post Posted September 14, 2012 Smart Screen is a component of Internet Explorer 9. ComboFix is safe to run under supervision. That warning is just pointing out that it is very powerful and can make changes to your system... which it can. That's why we use it. Share this post Link to post Share on other sites
forallbueaty Report post Posted September 14, 2012 system failure trying to restore system successfully restored wow this one had me running for a sec. when i tried to reopen iexplorer i had a message that my dll wasnt good did iwant to erase that i said no and restart the pc so here i am ... and this is the combomix log: ComboFix 12-09-14.03 - Papa 2012-09-14 18:32:33.2.2 - x64 Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3977 [GMT -4:00] Lancé depuis: c:usersPapaDesktopComboFix.exe Commutateurs utilisés :: c:usersPapaDesktopCFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . Une copie infectée de c:windowssystem32Services.exe a été trouvée et désinfectée Copie restaurée à partir de - c:windowserdntcache64services.exe . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-08-14 au 2012-09-14 )))))))))))))))))))))))))))))))))))) . . 2012-09-14 22:39 . 2012-09-14 22:39 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-09-13 02:04 . 2012-09-13 02:04 -------- d-----w- c:program files (x86)ESET 2012-09-11 23:07 . 2012-08-22 18:12 1913200 ----a-w- c:windowssystem32driverstcpip.sys 2012-09-11 23:06 . 2012-08-22 18:12 376688 ----a-w- c:windowssystem32driversnetio.sys 2012-09-11 23:06 . 2012-08-22 18:12 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS 2012-09-11 22:59 . 2012-08-22 18:12 950128 ----a-w- c:windowssystem32driversndis.sys 2012-09-11 22:59 . 2012-07-04 20:26 41472 ----a-w- c:windowssystem32driversRNDISMP.sys 2012-09-11 22:57 . 2012-08-02 17:58 574464 ----a-w- c:windowssystem32d3d10level9.dll 2012-09-11 22:57 . 2012-08-02 16:57 490496 ----a-w- c:windowsSysWow64d3d10level9.dll 2012-09-07 16:19 . 2012-09-10 17:53 -------- d-----w- c:usersPapaAppDataRoamingDeepBurner 2012-09-04 01:17 . 2012-09-04 01:17 -------- d-----w- c:usersPapaMes fichiers reçus 2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:windowssystem32driversavgtdia.sys 2012-08-18 15:56 . 2012-08-18 15:57 -------- d-----w- c:program filesprogrutilisés 2012-08-18 15:42 . 2012-08-18 15:42 -------- d-----w- c:program files (x86)AMD APP . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 01:28 . 2011-06-27 04:07 64462936 ----a-w- c:windowssystem32MRT.exe 2012-09-01 01:53 . 2011-07-02 23:23 281152 ----a-w- c:windowsSysWow64PnkBstrB.xtr 2012-09-01 01:53 . 2011-06-26 23:56 281152 ----a-w- c:windowsSysWow64PnkBstrB.exe 2012-08-31 04:25 . 2011-06-26 23:56 281152 ----a-w- c:windowsSysWow64PnkBstrB.ex0 2012-08-26 22:18 . 2012-04-03 11:56 696520 ----a-w- c:windowsSysWow64FlashPlayerApp.exe 2012-08-26 22:18 . 2011-06-26 14:59 73416 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:windowsSysWow64atiumdag.dll 2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:windowssystem32driversatikmdag.sys 2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:windowssystem32coinst_8.982.dll 2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:windowssystem32atio6axx.dll 2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:windowsSysWow64atioglxx.dll 2012-07-28 02:47 . 2012-07-28 02:47 187392 ----a-w- c:windowssystem32clinfo.exe 2012-07-28 02:47 . 2012-07-28 02:47 75776 ----a-w- c:windowssystem32OpenVideo64.dll 2012-07-28 02:47 . 2012-07-28 02:47 65024 ----a-w- c:windowsSysWow64OpenVideo.dll 2012-07-28 02:47 . 2012-07-28 02:47 63488 ----a-w- c:windowssystem32OVDecode64.dll 2012-07-28 02:47 . 2012-07-28 02:47 56320 ----a-w- c:windowsSysWow64OVDecode.dll 2012-07-28 02:46 . 2012-07-28 02:46 16464896 ----a-w- c:windowssystem32amdocl64.dll 2012-07-28 02:46 . 2012-07-28 02:46 13013504 ----a-w- c:windowsSysWow64amdocl.dll 2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:windowssystem32atiapfxx.exe 2012-07-28 02:15 . 2012-04-06 02:21 931328 ----a-w- c:windowsSysWow64aticfx32.dll 2012-07-28 02:13 . 2012-07-28 02:13 1100288 ----a-w- c:windowssystem32aticfx64.dll 2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:windowssystem32ATIDEMGX.dll 2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:windowssystem32atieclxx.exe 2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:windowssystem32atiesrxx.exe 2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:windowssystem32atitmm64.dll 2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:windowssystem32atimuixx.dll 2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:windowssystem32atiedu64.dll 2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:windowsSysWow64ati2edxx.dll 2012-07-28 02:07 . 2012-04-06 02:13 6430208 ----a-w- c:windowsSysWow64atidxx32.dll 2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:windowssystem32atidxx64.dll 2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:windowssystem32atiumd6a.dll 2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:windowssystem32aticalrt64.dll 2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:windowsSysWow64aticalrt.dll 2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:windowssystem32aticalcl64.dll 2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:windowsSysWow64aticalcl.dll 2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:windowssystem32aticaldd64.dll 2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:windowsSysWow64atiumdva.dll 2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:windowsSysWow64aticaldd.dll 2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:windowssystem32atiumd64.dll 2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:windowssystem32atiadlxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:windowsSysWow64atiadlxy.dll 2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:windowssystem32atig6pxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:windowsSysWow64atiglpxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:windowssystem32atiglpxx.dll 2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:windowssystem32atig6txx.dll 2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:windowsSysWow64atigktxx.dll 2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:windowssystem32driversatikmpag.sys 2012-07-28 01:13 . 2012-07-28 01:13 129536 ----a-w- c:windowssystem32atiuxp64.dll 2012-07-28 01:13 . 2012-04-06 01:09 109568 ----a-w- c:windowsSysWow64atiuxpag.dll 2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:windowssystem32atiu9p64.dll 2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:windowsSysWow64atiu9pag.dll 2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:windowssystem32driversati2erec.dll 2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:windowssystem32atimpc64.dll 2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:windowssystem32amdpcom64.dll 2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:windowsSysWow64atimpc32.dll 2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:windowsSysWow64amdpcom32.dll 2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:windowssystem32driversavgldx64.sys 2012-07-18 18:15 . 2012-08-15 00:26 3148800 ----a-w- c:windowssystem32win32k.sys 2012-07-04 22:16 . 2012-08-15 00:26 73216 ----a-w- c:windowssystem32netapi32.dll 2012-07-04 22:13 . 2012-08-15 00:26 59392 ----a-w- c:windowssystem32browcli.dll 2012-07-04 22:13 . 2012-08-15 00:26 136704 ----a-w- c:windowssystem32browser.dll 2012-07-04 21:14 . 2012-08-15 00:26 41984 ----a-w- c:windowsSysWow64browcli.dll 2012-06-29 04:55 . 2012-08-15 14:59 17809920 ----a-w- c:windowssystem32mshtml.dll 2012-06-29 04:09 . 2012-08-15 14:59 10925568 ----a-w- c:windowssystem32ieframe.dll 2012-06-29 03:56 . 2012-08-15 14:59 2312704 ----a-w- c:windowssystem32jscript9.dll 2012-06-29 03:49 . 2012-08-15 14:59 1346048 ----a-w- c:windowssystem32urlmon.dll 2012-06-29 03:49 . 2012-08-15 14:59 1392128 ----a-w- c:windowssystem32wininet.dll 2012-06-29 03:48 . 2012-08-15 14:59 1494528 ----a-w- c:windowssystem32inetcpl.cpl 2012-06-29 03:47 . 2012-08-15 14:59 237056 ----a-w- c:windowssystem32url.dll 2012-06-29 03:45 . 2012-08-15 14:59 85504 ----a-w- c:windowssystem32jsproxy.dll 2012-06-29 03:44 . 2012-08-15 14:59 816640 ----a-w- c:windowssystem32jscript.dll 2012-06-29 03:43 . 2012-08-15 14:59 173056 ----a-w- c:windowssystem32ieUnatt.exe 2012-06-29 03:42 . 2012-08-15 14:59 2144768 ----a-w- c:windowssystem32iertutil.dll 2012-06-29 03:40 . 2012-08-15 14:59 96768 ----a-w- c:windowssystem32mshtmled.dll 2012-06-29 03:39 . 2012-08-15 14:59 2382848 ----a-w- c:windowssystem32mshtml.tlb 2012-06-29 03:35 . 2012-08-15 14:59 248320 ----a-w- c:windowssystem32ieui.dll 2012-06-29 00:16 . 2012-08-15 14:59 1800704 ----a-w- c:windowsSysWow64jscript9.dll 2012-06-29 00:09 . 2012-08-15 14:59 1129472 ----a-w- c:windowsSysWow64wininet.dll 2012-06-29 00:08 . 2012-08-15 14:59 1427968 ----a-w- c:windowsSysWow64inetcpl.cpl 2012-06-29 00:04 . 2012-08-15 14:59 142848 ----a-w- c:windowsSysWow64ieUnatt.exe 2012-06-29 00:00 . 2012-08-15 14:59 2382848 ----a-w- c:windowsSysWow64mshtml.tlb 2012-06-28 02:49 . 2011-06-26 23:56 76888 ----a-w- c:windowsSysWow64PnkBstrA.exe 2012-06-27 09:36 . 2012-06-27 09:36 682280 ----a-w- c:windowsSysWow64pbsvc.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:windowswinsxsamd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973user32.dll [-] 2011-07-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:windowssystem32user32.dll . [-] 2011-07-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:windowsSysWOW64user32.dll [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:windowswinsxswow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6euser32.dll . ((((((((((((((((((((((((((((( SnapShot@2012-09-12_02.33.53 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-09-11 01:25 32768 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat + 2009-07-14 04:54 . 2012-09-13 22:52 32768 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat + 2009-07-14 04:54 . 2012-09-13 22:52 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2009-07-14 04:54 . 2012-09-11 01:25 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2009-07-14 04:54 . 2012-09-11 01:25 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2009-07-14 04:54 . 2012-09-13 22:52 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2011-06-25 18:56 . 2012-09-14 22:44 51244 c:windowssystem32wdiShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-09-14 22:44 40986 c:windowssystem32wdiBootPerformanceDiagnostics_SystemData.bin + 2011-06-25 18:43 . 2012-09-14 22:44 18422 c:windowssystem32wdi{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-2944442811-1643744279-865445854-1000_UserData.bin - 2011-06-25 18:33 . 2012-09-11 23:37 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat + 2011-06-25 18:33 . 2012-09-14 22:21 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat + 2011-06-25 18:33 . 2012-09-14 22:21 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2011-06-25 18:33 . 2012-09-11 23:37 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2009-07-14 04:54 . 2012-09-11 23:37 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2009-07-14 04:54 . 2012-09-14 22:21 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2012-09-14 22:42 . 2012-09-14 22:42 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat - 2012-09-12 02:32 . 2012-09-12 02:32 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat + 2012-09-14 22:42 . 2012-09-14 22:42 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat - 2012-09-12 02:32 . 2012-09-12 02:32 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat + 2009-07-14 05:01 . 2012-09-14 22:39 277220 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat - 2009-07-14 05:01 . 2012-09-12 02:29 277220 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat + 2011-06-25 19:06 . 2012-09-14 22:39 1027896 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache3.0.0.0.dat - 2011-06-25 19:06 . 2012-09-12 02:29 1027896 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache3.0.0.0.dat + 2011-06-26 09:47 . 2012-09-14 22:39 11370316 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-2944442811-1643744279-865445854-1000-8192.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Facebook Update"="c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" [2012-07-11 138096] . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2012-07-31 2596984] "LifeCam"="c:program files (x86)Microsoft LifeCamLifeExp.exe" [2010-05-20 119152] "WinampAgent"="c:program files (x86)Winampwinampa.exe" [2011-06-30 74752] "Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-11 919008] "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2011-09-27 59240] "SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2012-01-17 252296] "StartCCC"="c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2012-06-11 641704] "Adobe Reader Speed Launcher"="c:program files (x86)AdobeReader 9.0ReaderReader_sl.exe" [2012-07-31 38872] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager] BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe [2012-07-03 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-26 250568] R3 driverhardwarev2x64;driverhardwarev2x64;c:program filesma-config.comDriversdriverhardwarev2x64.sys [2011-07-21 16640] R3 maconfservice;Ma-Config Service;c:program filesma-config.comx64maconfservice.exe [2011-11-25 427640] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 20992] R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x] R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x] R3 WatAdminSvc;Service Windows Activation Technologies;c:windowssystem32WatWatAdminSvc.exe [2011-07-27 1255736] S0 AVGIDSHA;AVGIDSHA;c:windowssystem32DRIVERSavgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [2012-01-31 36944] S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [2012-07-26 291680] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [2012-08-24 384352] S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2012-07-28 239616] S2 AMD FUEL Service;AMD FUEL Service;c:program filesATI TechnologiesATI.ACEFuelFuel.Service.exe [2012-06-11 361984] S2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;c:program files (x86)AvanquestFix-ItAVQWinMonEngine.exe [2010-11-16 328704] S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2012-08-13 5167736] S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2012-02-14 193288] S2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;c:progra~2AVANQU~1Fix-ItMxTask.exe [2010-11-16 882816] S3 amdiox64;AMD IO Driver;c:windowssystem32DRIVERSamdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2012-07-28 10278912] S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2012-07-28 368640] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:windowssystem32driversAtihdW76.sys [2012-05-14 96896] S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSavgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSavgidsfiltera.sys [2011-12-23 29776] . . Contenu du dossier 'Tâches planifiées' . 2012-09-14 c:windowsTasksAdobe Flash Player Updater.job - c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-03 22:18] . 2012-09-14 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000Core.job - c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe [2012-02-15 22:11] . 2012-09-14 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000UA.job - c:usersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe [2012-02-15 22:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "VX3000"="c:windowsvVX3000.exe" [2010-05-20 762736] . ------- Examen supplémentaire ------- . uLocal Page = c:windowssystem32blank.htm uStart Page = hxxp://www.google.ca/ig mLocal Page = c:windowsSysWOW64blank.htm TCP: DhcpNameServer = 192.168.2.1 . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . ------------------------ Autres processus actifs ------------------------ . c:progra~2AVANQU~1Fix-Itmxtask2.exe c:windowsSysWOW64PnkBstrA.exe . ************************************************************************** . Heure de fin: 2012-09-14 18:48:44 - La machine a redémarré ComboFix-quarantined-files.txt 2012-09-14 22:48 ComboFix2.txt 2012-09-12 02:55 . Avant-CF: 41 512 349 696 octets libres Après-CF: 41 286 852 608 octets libres . - - End Of File - - 4A798B35D11C6D5CE6012796FB4B3672 Share this post Link to post Share on other sites
Tomk_ Report post Posted September 15, 2012 ComboFix found an infected windows file... that wasn't infected earlier. We better check on your services. Please download Farbar Service Scanner and run it on the computer with the issue. Make sure "Include All Files" option remains checked. Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply. Share this post Link to post Share on other sites
forallbueaty Report post Posted September 15, 2012 hey tomk how strange i just received the Windows renewing of contract e-mail for the services ?) i started the FSS i dont have a "Include All Files" option i have 8 ckboxes 2 first are already checked RpcSs and Plugplay Internet Services Windows Firewall Systèm Restore Security Center/Action Center Windows Update Windows Defender Other Services and there is a board to Search: then 3 buttons Scan, Search Files, Export Service Share this post Link to post Share on other sites
Tomk_ Report post Posted September 15, 2012 Check all the boxes and then click the scan button. Share this post Link to post Share on other sites
forallbueaty Report post Posted September 16, 2012 here you go thanks for everything again tomk was pretty sure i send you this yesterday seems not have a good day f Farbar Service Scanner Version: 06-08-2012 Ran by Papa (administrator) on 16-09-2012 at 12:45:15 Running from "C:UsersPapaDownloads" Microsoft Windows 7 Édition Intégrale Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:WindowsSystem32nsisvc.dll => MD5 is legit C:WindowsSystem32driversnsiproxy.sys => MD5 is legit C:WindowsSystem32driversafd.sys => MD5 is legit C:WindowsSystem32driverstdx.sys => MD5 is legit C:WindowsSystem32Driverstcpip.sys [2012-09-11 19:07] - [2012-08-22 14:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC C:WindowsSystem32dnsrslvr.dll => MD5 is legit C:WindowsSystem32mpssvc.dll => MD5 is legit C:WindowsSystem32bfe.dll => MD5 is legit C:WindowsSystem32driversmpsdrv.sys => MD5 is legit C:WindowsSystem32SDRSVC.dll => MD5 is legit C:WindowsSystem32vssvc.exe => MD5 is legit C:WindowsSystem32wscsvc.dll => MD5 is legit C:WindowsSystem32wbemWMIsvc.dll => MD5 is legit C:WindowsSystem32wuaueng.dll => MD5 is legit C:WindowsSystem32qmgr.dll => MD5 is legit C:WindowsSystem32es.dll => MD5 is legit C:WindowsSystem32cryptsvc.dll => MD5 is legit C:Program FilesWindows DefenderMpSvc.dll => MD5 is legit C:WindowsSystem32ipnathlp.dll => MD5 is legit C:WindowsSystem32svchost.exe => MD5 is legit C:WindowsSystem32rpcss.dll => MD5 is legit **** End of log **** Share this post Link to post Share on other sites
Tomk_ Report post Posted September 16, 2012 That all looks good. As far as I can tell... that's it for malware. Let's cleanup. Time for some housekeeping Click START then RUN Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there. The above procedure will:Implement some cleanup procedures. Reset System Restore. Now to remove most of the tools that we have used in fixing your machine:Make sure you have an Internet Connection. Download OTC to your desktop and run it A list of tool components used in the cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so. Click Yes to begin the cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes. Please re-enable any security that was disabled. The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing. Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein. I would also suggest you read this: So how did I get infected in the first place? by Tony Klein Also: "How to prevent malware" by miekiemoes Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. Share this post Link to post Share on other sites
forallbueaty Report post Posted September 17, 2012 hey tomk dont go i was looking forward to these little chat il be frank with you to this date im not totally sure you are a ligit part of Pcpitstop ( prbl. because i dt know what WTT teacher is nor what are the Trusted Malware Techs are? i'm guessing groups under this forum), but the download this and dowload that kept me scared, lol i finally succeed in finding how to get the run button in my start menu the guy that install my pc did it in french against my will so by default windows sets everything in french, moving from french to english and back to french is sometimes diff. i understand every instructions you gave in your last post but im wondering why you uninstall all the program you installed couldnt i keep them i probably downloaded them in my downloads file anyway and what about those i mentionned in my earlier posts (CCleaner, malwarebytes, etc) will it ask me to erase them as well ? thank you for all you done to the pc i ll make sure to read the info you gave i have one question i saw combofix did a restore point and i see youre saying it will use it im wondering is the restore point i used and talked about in my beginning post be still good? thank you very much fv Share this post Link to post Share on other sites
Tomk_ Report post Posted September 17, 2012 I'm not going anywhere. I check in here at least once every day. A Trusted Malware Tech is the group of people allowed to respond to malware problems here. WTT stands for another forum (What The Tech) where I used to be a teacher. I'm not currently a teacher. Jacee just has not updated the "tag" by my name here. The majority of the Truted Malware Tech Team here, either also "work" at WTT or were trained there. The housekeeping will not remove CCleaner nor Malwarebytes. The tools we used that it will remove are updated frequently and keeping them on your system is not a good idea. Malware changes daily and our tools must be changed also. In fact, some of the tools we use will cease to work after a period of time (7 to 10 days). Keeping them just takes up space on your system. The updated versions can be downloaded again if you should have need of them at some future point (here's hoping you won't need them). As part of ComboFix's uninstall process, a new system restore point will be set - it won't actually use it. All old ones will be purged as they could contain infections that were removed during our cleaning process. Share this post Link to post Share on other sites
forallbueaty Report post Posted September 18, 2012 (edited) hey tomk thank you i think every thing is in order now i checked and yes the last restore point was made by combofix in the restore of config panel is there a way to save this restore point say for a long period of time? f Edited September 18, 2012 by forallbueaty Share this post Link to post Share on other sites
Tomk_ Report post Posted September 18, 2012 The restore point is saved until you erase it. It does not automatically expire due to age or anything. Share this post Link to post Share on other sites