forallbueaty

run.dll help to repair registry


I got a virus

downloading with uTorrent

anyway

since my AVG was unable to erase it

I restored it twice but AVG kept getting it

before I decided to run CCleaner, Malwarebytes and Fix-It Essentials

restored a 3rd time and AVG finally got it

but the damage is done

when I start my PC

I get this little window that says (though in French):

 

run.dll

problem at boot of

C:\Users\Papa\AppData\Roaming\rlneug.dll

specified module can't be found

 

in the AVG log I have these:

 

"";"C:\Users\Papa\AppData\Roaming\spldic.dll";"Virus identifié Win32/Cryptor";"Déplacé en Quarantaine"

 

and:

 

"";"HKU\S-1-5-21-2944442811-1643744279-865445854-1000\Software\Microsoft\Windows\CurrentVersion\Run\spldic";"Clé de registre identifiée avec référence au fichier infecté C:\Users\Papa\AppData\Roaming\spldic.dll";"Déplacé en Quarantaine"

 

so I downloaded HijackThis and ran it, but I get a small window from HijackThis before I get the final log

that says:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijackthis may Not be able to fix this.

 

If this happens, you need to edit the file yourself. To do this run notepad C:/window system32/drivers etc hosts

press Enter. I don't have a Run button, looking for it??? I know!!

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:50:26, on 2012-09-10

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

Running processes:

C:WindowsvVX3000.exe

C:Program Files (x86)AVGAVG2012avgtray.exe

C:Program Files (x86)Winampwinampa.exe

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

C:Program Files (x86)Windows LiveMessengermsnmsgr.exe

C:Program Files (x86)Windows LiveContactswlcomm.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:UsersPapaDownloadsHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ca/ig

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:Program Files (x86)AVGAVG2012avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:Program Files (x86)CrossriderWebAppsCrossrider.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll

O4 - HKLM..Run: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"

O4 - HKLM..Run: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe"

O4 - HKLM..Run: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe"

O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

O4 - HKLM..Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

O4 - HKLM..Run: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun

O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

O4 - HKCU..Run: [Facebook Update] "C:UsersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [rlneug] "C:\Windows\System32\rundll32.exe" "C:\Users\Papa\AppData\Roaming\rlneug.dll",set_sPLT

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:Program Files (x86)AVGAVG2012avgdtiex.dll

O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll

O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%system32aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:Windowssystem32atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Unknown owner - C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe

O23 - Service: @%systemroot%system32appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32appinfo.dll,-100 (Appinfo) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: AvanquestWindowsMonitorService - Unknown owner - C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012avgwdsvc.exe

O23 - Service: @%SystemRoot%system32AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32bdesvc.dll,-100 (BDESVC) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32qmgr.dll,-1000 (BITS) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%systemroot%system32browser.dll,-100 (Browser) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%System32bthserv.dll,-101 (bthserv) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32certprop.dll,-11 (CertPropSvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32cscsvc.dll,-200 (CscService) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32defragsvc.dll,-101 (defragsvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32dnsapi.dll,-101 (Dnscache) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32dps.dll,-500 (DPS) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%systemroot%system32eapsvc.dll,-1 (EapHost) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%ehomeehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:WindowsehomeehRecvr.exe

O23 - Service: @%SystemRoot%ehomeehsched.exe,-101 (ehSched) - Unknown owner - C:Windowsehomeehsched.exe

O23 - Service: @%SystemRoot%system32wevtsvc.dll,-200 (eventlog) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)

O23 - Service: @%systemroot%system32fdPHost.dll,-100 (fdPHost) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32fdrespub.dll,-100 (FDResPub) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: Fix-It Essentials Task Manager - Avanquest Software - C:PROGRA~2AVANQU~1Fix-ItMxTask.exe

O23 - Service: @%systemroot%system32FntCache.dll,-100 (FontCache) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32hidserv.dll,-101 (hidserv) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%System32ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%System32provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32ikeext.dll,-501 (IKEEXT) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%systemroot%system32srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32lltdres.dll,-1 (lltdsvc) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:Program Filesma-config.comx64maconfservice.exe

O23 - Service: @%systemroot%system32mmcss.dll,-100 (MMCSS) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)

O23 - Service: @%SystemRoot%system32iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32msimsg.dll,-27 (msiserver) - Unknown owner - C:Windowssystem32msiexec.exe

O23 - Service: @%SystemRoot%system32qagentrt.dll,-6 (napagent) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%system32netman.dll,-109 (Netman) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32netprofm.dll,-202 (netprofm) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%System32nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32nsisvc.dll,-200 (nsi) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe

O23 - Service: @%SystemRoot%system32pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%systemroot%sysWow64perfhost.exe,-2 (PerfHost) - Unknown owner - C:WindowsSysWow64perfhost.exe

O23 - Service: @%systemroot%system32pla.dll,-500 (pla) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: PnkBstrA - Unknown owner - C:Windowssystem32PnkBstrA.exe

O23 - Service: @%SystemRoot%system32pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%System32polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32umpo.dll,-100 (Power) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32profsvc.dll,-300 (ProfSvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%system32qwave.dll,-1 (QWAVE) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%Systemroot%system32rasauto.dll,-200 (RasAuto) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%Systemroot%system32rasmans.dll,-200 (RasMan) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%windir%system32RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%System32SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32schedsvc.dll,-100 (Schedule) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32seclogon.dll,-7001 (seclogon) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32Sens.dll,-200 (SENS) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%System32shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program Files (x86)SkypeUpdaterUpdater.exe

O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)

O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%system32sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe

O23 - Service: @%SystemRoot%system32wiaservc.dll,-9 (stisvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32swprv.dll,-103 (swprv) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32tbssvc.dll,-100 (TBS) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%System32termsrv.dll,-268 (TermService) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%System32themeservice.dll,-8192 (Themes) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%systemroot%system32mmcss.dll,-102 (THREADORDER) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32trkwks.dll,-1 (TrkWks) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%servicingTrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:WindowsservicingTrustedInstaller.exe

O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%system32umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%systemroot%system32upnphost.dll,-213 (upnphost) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)

O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)

O23 - Service: @%SystemRoot%system32w32time.dll,-200 (W32Time) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)

O23 - Service: @%systemroot%system32wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%systemroot%system32wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%systemroot%system32webclnt.dll,-100 (WebClient) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%System32wersvc.dll,-100 (WerSvc) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%Systemroot%system32wbemwmisvc.dll,-205 (Winmgmt) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

O23 - Service: @%SystemRoot%system32wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:Windowssystem32SearchIndexer.exe

O23 - Service: @%systemroot%system32wuaueng.dll,-105 (wuauserv) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:Windowssystem32svchost.exe

--

End of file - 21467 bytes

 

 

The virus was identified as Win32/Cryptor.

 

I'm ready to follow all instructions, as well as to download and install anything necessary to repair my registry.

Anyone who has time to help, please?

Thanks in advance.

See my profile to learn about my PC,

and let me know if you need more info.

 

f

Edited by forallbueaty
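The RunDLL error above is the classic leftover of a partial clean-up: AVG quarantined the DLL but left the HKCU Run value that loads it through rundll32.exe, so the loader fires at every logon and fails. As an added example (Python, not from the original post nor from HijackThis or DDS), the script below parses the O4 and uRun/mRun lines of those logs and flags entries whose target file is missing, sits in a user-writable profile directory, or is a DLL loaded via rundll32.exe. The log lines and the file list are constructed for the example (path separators restored); the `exists` callback is an assumption that can be swapped for os.path.exists on the affected machine.

```python
"""Triage Run-key autostart entries from HijackThis (O4) and DDS (uRun/mRun) lines.

Added example code.  The log lines and the file list are constructed for the
demonstration; plug os.path.exists into triage() to run it on a real export.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional

# HijackThis:  O4 - HKCU\..\Run: [name] command
# DDS:         uRun: [name] command   (u = HKCU, m = HKLM, -x64 = 64-bit view)
ENTRY_RE = re.compile(
    r'^(?:O4 - (?P<hive>HK\w+)\\?\.\.\\?Run'
    r'|(?P<dds>[um])Run(?:-x64)?)'
    r': \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
# A quoted path or a bare token, so "C:\Program Files (x86)\..." stays whole.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')
# Directories a standard user can write to; a logon-persistent loader rarely belongs there.
USER_WRITABLE = ('\\appdata\\', '\\users\\public\\', '\\temp\\', '\\tmp\\')


@dataclass
class RunEntry:
    hive: str                   # HKCU or HKLM
    name: str                   # registry value name, e.g. "rlneug"
    command: str                # raw command line
    image: str                  # first executable on the command line
    loaded_dll: Optional[str]   # DLL handed to rundll32.exe, if that is the image


def parse_entry(line: str) -> Optional[RunEntry]:
    """Parse one log line; return None for lines that are not Run entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    hive = m['hive'] or {'u': 'HKCU', 'm': 'HKLM'}[m['dds']]
    tokens = [quoted or bare for quoted, bare in TOKEN_RE.findall(m['cmd'])]
    image = tokens[0] if tokens else ''
    dll = None
    if image.lower().endswith('rundll32.exe') and len(tokens) > 1:
        # rundll32 syntax is <dll>,<entrypoint>; the comma may sit inside the
        # token or right after a quoted path, so split on the first comma.
        dll = tokens[1].split(',', 1)[0]
    return RunEntry(hive, m['name'], m['cmd'], image, dll)


def assess(entry: RunEntry, exists: Callable[[str], bool]) -> List[str]:
    """Return the reasons an entry deserves a look; an empty list means nothing odd."""
    target = entry.loaded_dll or entry.image
    low = target.lower()
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append('target lives in a user-writable profile directory')
    if entry.loaded_dll and '\\windows\\' not in low:
        reasons.append('rundll32.exe loads a DLL from outside the Windows directory')
    if DRIVE_RE.match(target) and not exists(target):
        reasons.append('target file is missing: an orphaned autorun, which is what '
                       'produces the RunDLL "module could not be found" error at logon')
    return reasons


def triage(lines: Iterable[str], exists: Callable[[str], bool]) -> Dict[str, List[str]]:
    """Map value name -> reasons for every Run entry that has findings."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = assess(entry, exists)
        if reasons:
            report[entry.name] = reasons
    return report


# Constructed sample: Run entries as in the HijackThis and DDS logs of the post,
# with the path separators that the forum software stripped put back.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"',
    r'O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml',
    r'O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Papa\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver',
    r'O4 - HKCU\..\Run: [rlneug] "C:\Windows\System32\rundll32.exe" "C:\Users\Papa\AppData\Roaming\rlneug.dll",set_sPLT',
    r'uRun: [rlneug] "C:\Windows\System32\rundll32.exe" "C:\Users\Papa\AppData\Roaming\rlneug.dll",set_sPLT',
    r'mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"',
    r'O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\Crossrider\WebApps\Crossrider.dll',
]

# Constructed stand-in for the disk: everything present except the DLL AVG quarantined.
PRESENT_FILES = {
    r'c:\program files (x86)\avg\avg2012\avgtray.exe',
    r'c:\users\papa\appdata\local\facebook\update\facebookupdate.exe',
    r'c:\windows\system32\rundll32.exe',
}


def sample_exists(path: str) -> bool:
    """Offline replacement for os.path.exists, keyed case-insensitively."""
    return path.lower() in PRESENT_FILES


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_LOG, sample_exists).items():
        print(f'[{name}]')
        for reason in reasons:
            print('  -', reason)
```

Only the `rlneug` entry collects all three findings; the Facebook updater is flagged solely for living under AppData, which on its own is common for legitimate per-user updaters.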


As instructed, these are the DDS log and the attach.txt.

Thanks.

 

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Papa at 22:47:39 on 2012-09-10

Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3775 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:PROGRA~2AVGAVG2012avgrsa.exe

C:Program Files (x86)AVGAVG2012avgcsrva.exe

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32svchost.exe -k RPCSS

C:Windowssystem32atiesrxx.exe

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32atieclxx.exe

C:Windowssystem32svchost.exe -k NetworkService

C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe

C:Program Files (x86)AvanquestFix-ItAVQWinMonEngine.exe

C:Program Files (x86)AVGAVG2012avgwdsvc.exe

C:WindowsSystem32svchost.exe -k LocalServiceNoNetwork

C:PROGRA~2AVANQU~1Fix-ItMxTask.exe

C:Windowssystem32taskhost.exe

C:WindowsExplorer.EXE

C:Program FilesMicrosoft LifeCamMSCamS64.exe

C:PROGRA~2AVANQU~1Fix-Itmxtask2.exe

C:WindowsSysWOW64PnkBstrA.exe

C:Windowssystem32svchost.exe -k imgsvc

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE

C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe

C:WindowsvVX3000.exe

C:WindowsSystem32rundll32.exe

C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe

C:Program Files (x86)AVGAVG2012avgtray.exe

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe

C:Program Files (x86)Winampwinampa.exe

C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe

C:Program Files (x86)AVGAVG2012avgnsa.exe

C:Program Files (x86)AVGAVG2012avgemca.exe

C:Windowssystem32SearchIndexer.exe

C:Program FilesWindows Media Playerwmpnetwk.exe

C:Program Files (x86)Windows LiveMessengermsnmsgr.exe

C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe

C:Program Files (x86)AVGAVG2012avgui.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe

C:Program Files (x86)Windows LiveContactswlcomm.exe

C:UsersPapaDownloadsHijackThis.exe

C:Windowssystem32SearchProtocolHost.exe

C:Windowssystem32SearchFilterHost.exe

C:Windowssystem32DllHost.exe

C:Windowssystem32DllHost.exe

C:WindowsSysWOW64cmd.exe

C:Windowssystem32conhost.exe

C:WindowsSysWOW64cscript.exe

C:Windowssystem32wbemwmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/ig

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:Program Files (x86)AVGAVG2012avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:Program Files (x86)AVGAVG2012avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinssv.dll

BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - C:Program Files (x86)CrossriderWebAppsCrossrider.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program Files (x86)OracleJavaFX 2.1 Runtimebinjp2ssv.dll

uRun: [Facebook Update] "C:UsersPapaAppDataLocalFacebookUpdateFacebookUpdate.exe" /c /nocrashserver

uRun: [rlneug] "C:\Windows\System32\rundll32.exe" "C:\Users\Papa\AppData\Roaming\rlneug.dll",set_sPLT

mRun: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"

mRun: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe"

mRun: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe"

mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml

mRun: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

mRun: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:Program Files (x86)AVGAVG2012avgdtiex.dll

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces{185D1B80-94AD-44E6-B843-6228F67257D8} : DhcpNameServer = 192.168.2.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{A876E312-7D08-401a-B7A6-FAFC5DC2F292}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

mRun-x64: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"

mRun-x64: [LifeCam] "C:Program Files (x86)Microsoft LifeCamLifeExp.exe"

mRun-x64: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe"

mRun-x64: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:Program Files (x86)AMD AVTbinkdbsync.exe" aml

mRun-x64: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

mRun-x64: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun

mRun-x64: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:Windowssystem32DRIVERSavgidsha.sys --> C:Windowssystem32DRIVERSavgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:Windowssystem32DRIVERSavgrkx64.sys --> C:Windowssystem32DRIVERSavgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:Windowssystem32DRIVERSavgldx64.sys --> C:Windowssystem32DRIVERSavgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [2012-5-9 328704]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;C:\PROGRA~2\AVANQU~1\Fix-It\MxTask.exe -Service --> C:\PROGRA~2\AVANQU~1\Fix-It\MxTask.exe -Service [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250568]
S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-7-21 16640]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\x64\maconfservice.exe [2011-11-25 427640]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================
.
2012-09-10 20:18:00 -------- d-----w- C:\Users\Papa\AppData\Local\{85E30EAB-4B4D-455A-860C-DF5152305EAA}
2012-09-10 18:28:14 -------- d-----w- C:\Users\Papa\AppData\Local\{4C3F087A-0EED-4C7E-8883-736C0C3297A2}
2012-09-10 01:59:07 -------- d-----w- C:\Users\Papa\AppData\Local\{DC69328E-E9A8-4F8F-927E-53CDF73A4653}
2012-09-09 01:58:28 -------- d-----w- C:\Users\Papa\AppData\Local\{4942C072-CEDD-4134-9FED-70175DB7E13F}
2012-09-08 13:58:03 -------- d-----w- C:\Users\Papa\AppData\Local\{4526F9E7-3A7C-4775-B894-1971604D56FB}
2012-09-08 01:57:38 -------- d-----w- C:\Users\Papa\AppData\Local\{ACF2F96A-751D-4F58-9D2E-8927911835B9}
2012-09-07 13:57:13 -------- d-----w- C:\Users\Papa\AppData\Local\{253B3B36-43FB-4392-A361-BF66F24C7B26}
2012-09-07 01:56:48 -------- d-----w- C:\Users\Papa\AppData\Local\{E88D8004-A655-4C2A-8D8F-31B4E66F1C6C}
2012-09-06 13:34:46 -------- d-----w- C:\Users\Papa\AppData\Local\{765699B6-41A4-47F9-80C1-BE1B1A2A8877}
2012-09-06 01:34:21 -------- d-----w- C:\Users\Papa\AppData\Local\{035F0375-112A-4927-B66E-7BDDC38FA4F3}
2012-09-05 01:27:43 -------- d-----w- C:\Users\Papa\AppData\Local\{FEAD323C-30F7-4705-B294-011939FCD00B}
2012-09-04 13:27:19 -------- d-----w- C:\Users\Papa\AppData\Local\{EE42C8D2-4A60-4118-B1BA-270144B06B6F}
2012-09-04 01:26:49 -------- d-----w- C:\Users\Papa\AppData\Local\{64B4AA6F-DE94-423B-AA3E-18D854D0B1BE}
2012-09-04 01:17:15 -------- d-----w- C:\Users\Papa\Mes fichiers reçus
2012-09-02 00:56:31 -------- d-----w- C:\Users\Papa\AppData\Local\{C491865C-8626-4756-AA15-94FD0613E713}
2012-09-01 12:56:06 -------- d-----w- C:\Users\Papa\AppData\Local\{B879FBCC-A8CB-4599-A268-2212BBBEE339}
2012-09-01 00:55:36 -------- d-----w- C:\Users\Papa\AppData\Local\{4CA9856D-2009-4C70-B2AB-FBD0B9FF116E}
2012-08-31 10:27:11 -------- d-----w- C:\Users\Papa\AppData\Local\{E0177A7B-B254-4BFA-8F3A-F6598948113C}
2012-08-29 04:33:47 -------- d-----w- C:\Users\Papa\AppData\Local\{242CE880-66EF-4F46-88B1-318C52A0A75A}
2012-08-28 16:33:22 -------- d-----w- C:\Users\Papa\AppData\Local\{273B0523-A4D7-4067-9F5C-692A3C09947D}
2012-08-28 01:46:12 -------- d-----w- C:\Users\Papa\AppData\Local\{B8E8BD13-FEFF-46FC-A3D9-A29F5612F39A}
2012-08-26 22:12:26 -------- d-----w- C:\Users\Papa\AppData\Local\{2B401CBB-2656-40ED-9C03-97B3397A56C1}
2012-08-25 01:41:27 -------- d-----w- C:\Users\Papa\AppData\Local\{912EC5FB-DC4C-417E-A8A6-A16664F04707}
2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-24 13:41:02 -------- d-----w- C:\Users\Papa\AppData\Local\{C317BD23-A3CF-4408-A4B7-CF6E739D3FE2}
2012-08-24 01:40:37 -------- d-----w- C:\Users\Papa\AppData\Local\{775980D0-DF37-4A9E-8AA3-35CC7B860362}
2012-08-23 12:40:46 -------- d-----w- C:\Users\Papa\AppData\Local\{D083C19B-467C-43CD-BCC8-FBEFC76149EC}
2012-08-22 17:49:40 -------- d-----w- C:\Users\Papa\AppData\Local\{398B7A4E-08BA-453F-8338-1030277359F8}
2012-08-22 01:33:25 -------- d-----w- C:\Users\Papa\AppData\Local\{0A817F48-1A0F-4F24-8C2D-325B4419AFC6}
2012-08-21 00:41:14 -------- d-----w- C:\Users\Papa\AppData\Local\{0968E816-C6B5-493D-B793-9AEC0A6459A0}
2012-08-20 12:40:49 -------- d-----w- C:\Users\Papa\AppData\Local\{BA5CE7CB-C403-4505-99D0-F68FA84F8B9B}
2012-08-19 16:14:36 -------- d-----w- C:\Users\Papa\AppData\Local\{4A026A8F-1F99-4B7F-AA27-45A95F28C78D}
2012-08-19 04:14:10 -------- d-----w- C:\Users\Papa\AppData\Local\{E6B12D4D-2021-42B2-93A7-77E00BF451F1}
2012-08-18 15:56:16 -------- d-----w- C:\Program Files\progrutilisés
2012-08-18 15:42:05 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-08-18 15:19:12 -------- d-----w- C:\Users\Papa\AppData\Local\{7A7212DE-991F-444D-9970-7F3725D98B7F}
2012-08-18 15:19:00 -------- d-----w- C:\Users\Papa\AppData\Local\{FDC41350-C8A2-45CC-B9C0-38DA910F3002}
2012-08-18 03:18:34 -------- d-----w- C:\Users\Papa\AppData\Local\{4416FB0C-FC13-46CE-A1CA-8C2D14744D75}
2012-08-18 03:18:22 -------- d-----w- C:\Users\Papa\AppData\Local\{5E07D33B-D052-45D5-BE79-C3435D5825C3}
2012-08-17 15:17:57 -------- d-----w- C:\Users\Papa\AppData\Local\{02CC49D4-2179-4A5C-929C-A096D3BC96D6}
2012-08-17 03:17:33 -------- d-----w- C:\Users\Papa\AppData\Local\{7030F170-9DCE-43C9-87D4-30AC756F5335}
2012-08-17 03:17:21 -------- d-----w- C:\Users\Papa\AppData\Local\{45AFBC88-813A-43CE-8F1F-1188107C9D23}
2012-08-16 15:16:55 -------- d-----w- C:\Users\Papa\AppData\Local\{1D971F47-2595-47F9-A317-8572AE22E8D2}
2012-08-16 15:16:43 -------- d-----w- C:\Users\Papa\AppData\Local\{3239C2F0-FF2F-4D32-9C77-4A7DE0C82C33}
2012-08-16 03:16:18 -------- d-----w- C:\Users\Papa\AppData\Local\{02497438-BA48-41CA-81F7-C09802AA8BDE}
2012-08-16 03:16:06 -------- d-----w- C:\Users\Papa\AppData\Local\{37B087BB-2EC4-4445-9E9E-6A925EF3E245}
2012-08-15 15:15:40 -------- d-----w- C:\Users\Papa\AppData\Local\{874F3B1B-0C09-4EA5-B4E2-A3E8D3128C58}
2012-08-15 15:15:27 -------- d-----w- C:\Users\Papa\AppData\Local\{29229140-5349-46A0-BD32-CF32F65DCEE8}
2012-08-15 14:56:25 -------- d-----w- C:\Users\Papa\AppData\Local\{A756F21C-FD62-4BE3-AFE4-54AD32E9073E}
2012-08-15 00:39:44 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 00:39:43 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 00:32:12 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 00:32:12 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 00:32:12 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 00:32:12 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 00:26:55 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 00:26:55 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 00:26:55 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 00:26:26 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 00:24:52 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-14 23:31:47 -------- d-----w- C:\Users\Papa\AppData\Local\{85EE8171-1A06-4B34-9D9B-1F082711B160}
2012-08-14 11:31:22 -------- d-----w- C:\Users\Papa\AppData\Local\{58C20C59-A850-4463-858E-4C1EE895A962}
2012-08-14 11:31:09 -------- d-----w- C:\Users\Papa\AppData\Local\{F2C67B72-6464-4473-B8D7-021837438F1C}
2012-08-13 15:02:52 -------- d-----w- C:\Users\Papa\AppData\Local\{02E678B2-E580-4E9A-8472-E5ACC8A0EACD}
2012-08-13 03:02:27 -------- d-----w- C:\Users\Papa\AppData\Local\{DFDF81B8-02D3-4988-A206-32BBED371D4B}
2012-08-13 03:02:15 -------- d-----w- C:\Users\Papa\AppData\Local\{8986DB83-8088-47CA-A38A-98BA2367CE2E}
2012-08-12 15:01:50 -------- d-----w- C:\Users\Papa\AppData\Local\{4918AB2D-70BE-4270-A8F5-9299BEBD5A39}
2012-08-12 15:01:34 -------- d-----w- C:\Users\Papa\AppData\Local\{5ACFE5CF-E924-454B-AF23-56DED30F3558}
2012-08-12 03:01:09 -------- d-----w- C:\Users\Papa\AppData\Local\{E91383BA-1422-4412-A10C-76DCD83F4AFE}
2012-08-12 03:00:56 -------- d-----w- C:\Users\Papa\AppData\Local\{97406117-3F82-4575-8B93-F8D09EE89727}
.

==================== Find3M ====================
.
2012-09-01 01:53:10 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-09-01 01:53:10 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-31 04:25:27 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-26 22:18:02 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-26 22:18:02 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-28 02:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-28 02:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 02:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-28 02:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-28 02:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-28 02:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-26 07:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-28 02:49:48 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-06-27 09:36:17 682280 ----a-w- C:\Windows\SysWow64\pbsvc.exe
.
============= FINISH: 22:48:37,42 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2011-06-25 14:35:01
System Uptime: 2012-09-10 21:24:30 (1 hour ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N
Processor: AMD Athlon 64 X2 Dual Core Processor 3800+ | CPU 1 | 2009/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 40.113 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
F: is FIXED (NTFS) - 289 GiB total, 185.295 GiB free.
G: is FIXED (NTFS) - 10 GiB total, 9.454 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP146: 2012-09-04 23:11:58 - Scheduled checkpoint
RP147: 2012-09-10 13:49:34 - Restore operation
RP148: 2012-09-10 21:20:42 - Windows Update

.

==== Installed Programs ======================
.
AC3Filter 1.63b
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
µTorrent
Battlefield 2: Deluxe Edition
Battlefield: Bad Company™ 2
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: World at War
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Company of Heroes
Crossrider Web Apps
D3DX10
DivX Web Player
DVD Shrink 3.2
eReg
Facebook Video Calling 1.2.0.159
Fix-It
Fix-It Utilities 11 Essentials
InFlac 1.1.1
Java Auto Updater
Java 7 Update 5
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.61.0.1400
Medal of Honor Allied Assault
Medal of Honor Allied Assault Breakthrough
Microsoft Corporation
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
NVIDIA ForceWare Network Access Manager
OpenOffice.org 3.3
PC Speed Maximizer v2.1
PokerStars
PunkBuster Services
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile Language Pack FRA (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile Language Pack FRA (KB2518870)
Skype™ 5.10
Steam
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Veetle TV 0.9.18
Veoh Web Player
Visual Studio 2008 x64 Redistributables
Winamp
Winamp Detector Plug-in
Windows Live
Windows Live Communications Platform
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.11 (32-bit)
Xfire (remove only)
.
==== End Of File ===========================

I ran HijackThis.exe with administrator rights and obtained this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:04:24, on 2012-09-11
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\vVX3000.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Papa\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Papa\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [rlneug] "C:\Windows\System32\rundll32.exe" "C:\Users\Papa\AppData\Roaming\rlneug.dll",set_sPLT
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: AvanquestWindowsMonitorService - Unknown owner - C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Fix-It Essentials Task Manager - Avanquest Software - C:\PROGRA~2\AVANQU~1\Fix-It\MxTask.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\x64\maconfservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Un
known owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%system32umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%systemroot%system32upnphost.dll,-213 (upnphost) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)

O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)

O23 - Service: @%SystemRoot%system32w32time.dll,-200 (W32Time) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)

O23 - Service: @%systemroot%system32wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%systemroot%system32wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%systemroot%system32webclnt.dll,-100 (WebClient) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%System32wersvc.dll,-100 (WerSvc) - Unknown owner - C:WindowsSystem32svchost.exe

O23 - Service: @%SystemRoot%system32winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%Systemroot%system32wbemwmisvc.dll,-205 (Winmgmt) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

O23 - Service: @%SystemRoot%system32wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%systemroot%system32SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:Windowssystem32SearchIndexer.exe

O23 - Service: @%systemroot%system32wuaueng.dll,-105 (wuauserv) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%system32wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:Windowssystem32svchost.exe

O23 - Service: @%SystemRoot%System32wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:Windowssystem32svchost.exe

--

End of file - 21711 bytes


Hi forallbueaty,


My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

utorrent

You have utorrent, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

 

References for the risk of these programs can be found in these links:

http://www.microsoft...protection.mspx

http://www.techweb.com/wire/160500554

http://www.internetw...cles/art053.htm

 

 

I would recommend that you uninstall utorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

 

If you wish to keep it, please do not use it until your computer is cleaned.

 

As we work through your logs, please remember to run any tools by right-clicking on the icon and selecting Run As Administrator....

 

Download ComboFix:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

Notes:

 

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


hi Tomk,

 

I won't erase utorrent, I knew the risks,

but I won't start it till you tell me that my PC is clean.

You didn't say if you were to restore my registry.

You said malware; I have run Malwarebytes without finding anything.

If you find some, please tell me so I'm up to date.

 

Are you going to use HijackThis or not after ComboFix? And why?

I appreciated your help, thank you.

 

f

 

Here is the ComboFix log.

Hope everything is to your liking.

 

ComboFix 12-09-11.02 - Papa 2012-09-11 22:18:34.1.2 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3996 [GMT -4:00]
Lancé depuis: c:\users\Papa\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Papa\AppData\Local\Temp\DIR
c:\users\Papa\AppData\Local\Temp\DIR\GFInstaller\AppName.txt
c:\users\Papa\AppData\Local\Temp\DIR\GFInstaller\Channel.txt
c:\users\Papa\AppData\Local\Temp\DIR\GFInstaller\DownloadURL.txt
c:\users\Papa\AppData\Local\Temp\DIR\GFInstaller\GFInstaller.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-08-12 au 2012-09-12 ))))))))))))))))))))))))))))))))))))
.
.
2012-09-11 23:07 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 23:06 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 23:06 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 22:59 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 22:59 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 22:57 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 22:57 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-07 16:19 . 2012-09-10 17:53 -------- d-----w- c:\users\Papa\AppData\Roaming\DeepBurner
2012-09-04 01:17 . 2012-09-04 01:17 -------- d-----w- c:\users\Papa\Mes fichiers reçus
2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-18 15:56 . 2012-08-18 15:57 -------- d-----w- c:\program files\progrutilisés
2012-08-18 15:42 . 2012-08-18 15:42 -------- d-----w- c:\program files (x86)\AMD APP
2012-08-15 00:39 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 00:39 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 00:32 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 00:32 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 00:32 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 00:32 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 00:26 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 00:26 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 00:26 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 00:26 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 00:26 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 00:24 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 01:28 . 2011-06-27 04:07 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-01 01:53 . 2011-07-02 23:23 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-01 01:53 . 2011-06-26 23:56 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-31 04:25 . 2011-06-26 23:56 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-26 22:18 . 2012-04-03 11:56 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 22:18 . 2011-06-26 14:59 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:47 . 2012-07-28 02:47 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 02:47 . 2012-07-28 02:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-28 02:47 . 2012-07-28 02:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-28 02:47 . 2012-07-28 02:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-28 02:47 . 2012-07-28 02:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-28 02:46 . 2012-07-28 02:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-28 02:46 . 2012-07-28 02:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-04-06 02:21 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2012-07-28 02:13 1100288 ----a-w- c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2012-04-06 02:13 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2012-07-28 01:13 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2012-04-06 01:09 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-06-28 02:49 . 2011-06-26 23:56 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-27 09:36 . 2012-06-27 09:36 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-07-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-07-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Papa\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-06-30 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 250568]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-11-25 427640]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-27 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;c:\program files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [2010-11-16 328704]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;c:\progra~2\AVANQU~1\Fix-It\MxTask.exe [2010-11-16 882816]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
Contenu du dossier 'Tâches planifiées'
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:18]
.
2012-09-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000Core.job
- c:\users\Papa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-15 22:11]
.
2012-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000UA.job
- c:\users\Papa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-15 22:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-rlneug - c:\users\Papa\AppData\Roaming\rlneug.dll
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\progra~2\AVANQU~1\Fix-It\mxtask2.exe
.
**************************************************************************
.
Heure de fin: 2012-09-11 22:55:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-09-12 02:55
.
Avant-CF: 42 208 088 064 octets libres
Après-CF: 41 588 035 584 octets libres
.
- - End Of File - - 886C9F6A01008AFFDEE13E0CF91CE62E


I don't think HijackThis works very well with Windows 7. I can do everything with ComboFix that I can do with HijackThis... plus a whole lot more.

 

Let's get an online scan. This will take a long time. Probably hours.

 

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

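The remark about HijackThis on Windows 7 has a concrete cause worth keeping in mind when reading the O23 lines above: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows the file system redirects its look-ups of C:\Windows\system32 to SysWOW64, so 64-bit-only binaries such as lsass.exe or vds.exe are reported "(file missing)" although they are present. The script below is an added example, not code from the thread, from HijackThis or from ComboFix: it parses O23 service lines in the format shown in the log above and separates that redirection artefact from a genuinely dangling service entry and from a service binary living in a user-writable folder. Four sample lines are copied from the log above; the fifth (ExampleSvc, example.exe) is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: four O23 lines copied from the HijackThis log above (backslashes
# restored) plus one constructed line (ExampleSvc) for a service that starts
# from a user profile folder. The constructed line is illustrative only.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Users\Papa\AppData\Roaming\example.exe
"""

# Line shape: "O23 - Service: <display name> - <owner> - <image path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# HijackThis puts the service's short name in parentheses at the end of the
# display name; entries like "Steam Client Service" carry none.
SHORT_NAME_RE = re.compile(r"\((?P<short>[^()]+)\)$")

WOW64_NOTE = ("32-bit scanner under WOW64 sees SysWOW64 when it reads system32; "
              "confirm with a 64-bit tool before treating the file as missing")


@dataclass
class Finding:
    short_name: str
    path: str
    verdict: str  # "ok", "wow64-redirect", "dangling" or "review"
    reason: str


def parse_o23(line: str):
    """Split one O23 line into (short_name, owner, path, reported_missing)."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    display = m.group("display")
    sm = SHORT_NAME_RE.search(display)
    short = sm.group("short") if sm else display
    return short, m.group("owner"), m.group("path"), m.group("missing") is not None


def classify(line: str, scanner_is_32bit: bool = True,
             os_is_64bit: bool = True) -> Optional[Finding]:
    """Triage one O23 line; returns None for lines that are not O23 entries."""
    parsed = parse_o23(line)
    if parsed is None:
        return None
    short, owner, path, missing = parsed
    p = path.lower()
    in_system32 = "\\windows\\system32\\" in p
    in_user_writable = any(tag in p for tag in
                           ("\\users\\", "\\programdata\\", "\\temp\\"))
    if missing and in_system32 and scanner_is_32bit and os_is_64bit:
        # Most likely a 64-bit-only system binary the 32-bit scanner cannot see.
        return Finding(short, path, "wow64-redirect", WOW64_NOTE)
    if missing:
        # The registration outlived its file: the pattern behind a
        # "specified module can't be found" message after a quarantine.
        return Finding(short, path, "dangling",
                       "service points at a file that no longer exists")
    if in_user_writable:
        return Finding(short, path, "review",
                       "service binary lives in a user-writable folder")
    return Finding(short, path, "ok", "owner: " + owner)


def triage(log_text: str, **kwargs) -> List[Finding]:
    """Classify every O23 line in a HijackThis log."""
    out = []
    for line in log_text.splitlines():
        f = classify(line, **kwargs)
        if f is not None:
            out.append(f)
    return out


def needs_attention(findings: List[Finding]) -> List[Finding]:
    """Entries a helper should actually look at (everything but 'ok')."""
    return [f for f in findings if f.verdict != "ok"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:14} {f.short_name:22} {f.path}  [{f.reason}]")
```

Run with `scanner_is_32bit=False` the same "(file missing)" lines come out as "dangling", which is the reading a 64-bit tool would justify.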

hey Tomk,

 

how are you today?

I checked Kantaris, it's a media player.

Don't know where it comes from;

maybe I use it when I look at movies on the net.

 

I try to store my things on F:

so I have more room to run the programs.

Hope I didn't scrap my F:.

 

 

Here's the ESETSCAN.txt you asked for.

 

C:\Program Files (x86)\Avanquest\Fix-It\W32Int13.dll a variant of Win32/Kryptik.FNT trojan
C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe a variant of Win32/SpeedingUpMyPC application
C:\Users\Papa\Downloads\nouvdowns\Kantaris_0.7.7_setup.exe Win32/OpenCandy application
C:\Users\Papa\Downloads\nouvdowns\winamp562_full_emusic-7plus_all.exe Win32/OpenCandy application
C:\Users\Papa\Videos\AutoCAD LT 2009 x64\AutoCAD LT 2009\Keygen.exe a variant of Win32/Keygen.BT application
F:\alain_drivers\Kantaris_0.7.7_setup.exe Win32/OpenCandy application
F:\alain_drivers\winamp562_full_emusic-7plus_all.exe Win32/OpenCandy application
F:\mesvieuyx\nouvdowns\Kantaris_0.7.7_setup.exe Win32/OpenCandy application
F:\mesvieuyx\nouvdowns\winamp562_full_emusic-7plus_all.exe Win32/OpenCandy application
F:\musique\nouvdowns\Kantaris_0.7.7_setup.exe Win32/OpenCandy application
F:\musique\nouvdowns\winamp562_full_emusic-7plus_all.exe Win32/OpenCandy application

Edited by forallbueaty


I believe we can clean all that up. The ones that are marked "Win32/OpenCandy application" are adware. PC Speed Maximizer is just garbage. It won't make your PC any faster but will actually use up resources and most likely will slow it down. The worst thing showing is the trojan.

 

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    File::
    C:\Program Files (x86)\Avanquest\Fix-It\W32Int13.dll
    C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe
    C:\Users\Papa\Downloads\nouvdowns\Kantaris_0.7.7_setup.exe
    C:\Users\Papa\Downloads\nouvdowns\winamp562_full_emusic-7plus_all.exe
    C:\Users\Papa\Videos\AutoCAD LT 2009 x64\AutoCAD LT 2009\Keygen.exe
    F:\alain_drivers\Kantaris_0.7.7_setup.exe
    F:\alain_drivers\winamp562_full_emusic-7plus_all.exe
    F:\mesvieuyx\nouvdowns\Kantaris_0.7.7_setup.exe
    F:\mesvieuyx\nouvdowns\winamp562_full_emusic-7plus_all.exe
    F:\musique\nouvdowns\Kantaris_0.7.7_setup.exe
    F:\musique\nouvdowns\winamp562_full_emusic-7plus_all.exe

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
I was wondering: I didn't have my ComboFix on my desktop, so I found ComboFix somewhere and dragged a shortcut to my desktop. Will it work the same?

Probably the same, yes?


Nope. Won't work to drag it into a shortcut. Need to drag it into the .exe file.

 

You've got it in your downloads folder. Either move it to your desktop... or redownload it and put it on your desktop this time.


Hey Tomk, how are you?

I downloaded ComboFix again, directly to the desktop.

It's the first time that I do that.

Do you have many applications on your PC installed on the desktop?? lol

I got a window though saying:

SmartScreen has detected ComboFix and thinks it could harm your PC.

I understand ComboFix can't run when my AVG is running, but it's scary.

Is SmartScreen a part of AVG, what do you think?

f


SmartScreen is a component of Internet Explorer 9. ComboFix is safe to run under supervision. That warning is just pointing out that it is very powerful and can make changes to your system... which it can. That's why we use it. :)


System failure, trying to restore system, system successfully restored. Wow, this one had me running for a sec.

When I tried to reopen Internet Explorer I had a message that my DLL wasn't good and did I want to erase it.

I said no and restarted the PC.

So here I am...

And this is the ComboFix log:

 

ComboFix 12-09-14.03 - Papa 2012-09-14 18:32:33.2.2 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.2.1036.18.5119.3977 [GMT -4:00]
Lancé depuis: c:\users\Papa\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Papa\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Une copie infectée de c:\windows\system32\Services.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\erdnt\cache64\services.exe


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-07-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-07-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll


((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Papa\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-06-30 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 250568]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-11-25 427640]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-27 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AvanquestWindowsMonitorService;AvanquestWindowsMonitorService;c:\program files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [2010-11-16 328704]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Fix-It Essentials Task Manager;Fix-It Essentials Task Manager;c:\progra~2\AVANQU~1\Fix-It\MxTask.exe [2010-11-16 882816]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:18]
.
2012-09-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000Core.job
- c:\users\Papa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-15 22:11]
.
2012-09-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2944442811-1643744279-865445854-1000UA.job
- c:\users\Papa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-15 22:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1


------------------------ Autres processus actifs ------------------------
.
c:\progra~2\AVANQU~1\Fix-It\mxtask2.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Heure de fin: 2012-09-14 18:48:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-09-14 22:48
ComboFix2.txt 2012-09-12 02:55
.
Avant-CF: 41 512 349 696 octets libres
Après-CF: 41 286 852 608 octets libres
.
- - End Of File - - 4A798B35D11C6D5CE6012796FB4B3672


ComboFix found an infected windows file... that wasn't infected earlier. We better check on your services.

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Hey tomk,

How strange, I just received the Windows renewing-of-contract e-mail for the services?)

I started the FSS.

I don't have an "Include All Files" option.

I have 8 checkboxes; the first 2 are already checked:

RpcSs and Plugplay
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

and there is a board to Search:

then 3 buttons: Scan, Search Files, Export Service


Here you go.

Thanks for everything again tomk.

I was pretty sure I sent you this yesterday; seems not.

Have a good day.

f

 

 

 

Farbar Service Scanner Version: 06-08-2012
Ran by Papa (administrator) on 16-09-2012 at 12:45:15
Running from "C:\Users\Papa\Downloads"
Microsoft Windows 7 Édition Intégrale Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-09-11 19:07] - [2012-08-22 14:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

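As an added example (not from this thread, and not Farbar Service Scanner's own code), a PowerShell script that performs the same kind of checks the FSS log above reports, using built-in cmdlets only, so the output can be compared line by line with a known-clean machine of the same build. It assumes an elevated 64-bit PowerShell on the affected machine; the service names and file list come from the log, the policy values are the standard Windows ones, and the only expected start type built in is WinDefend's (Auto), which is the default FSS states.

```powershell
# Added example: not from this thread and not Farbar Service Scanner's own code.
# It repeats the kind of checks the FSS log reports (service configuration,
# "disabled" policy values, file hashes and signatures) with built-in cmdlets only,
# so the output can be compared line by line with a known-clean machine of the
# same Windows build. Run it from an elevated 64-bit PowerShell; it works on
# PowerShell 2.0 (Windows 7) and later.

# Registry names (not display names) of the services FSS inspects.
$serviceNames = 'RpcSs', 'PlugPlay', 'BFE', 'MpsSvc', 'Dnscache', 'wscsvc',
                'wuauserv', 'BITS', 'CryptSvc', 'WinDefend'

# Expected start types. Only WinDefend's default (Auto) is taken from the FSS log;
# the rest must come from a clean reference machine (assumption, not a built-in table).
$expectedStart = @{ 'WinDefend' = 'Auto' }

function Test-ServiceConfig {
    param([string]$Name)
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { return "$Name => service not present" }
    $out = @("{0}: state={1} start={2}" -f $svc.Name, $svc.State, $svc.StartMode)
    if ($expectedStart[$Name] -and $svc.StartMode -ne $expectedStart[$Name]) {
        $out += "  WARNING: start type is $($svc.StartMode), default is $($expectedStart[$Name])"
    }
    $out += "  ImagePath  = $($svc.PathName)"
    # svchost-hosted services load the DLL named in Parameters\ServiceDll; a hijacked
    # service usually has this value pointing somewhere outside %SystemRoot%.
    $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name\Parameters"
    $dll = (Get-ItemProperty -Path $paramKey -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) {
        $dllPath = [Environment]::ExpandEnvironmentVariables($dll)
        $out += "  ServiceDll = $dllPath (exists: $(Test-Path -LiteralPath $dllPath))"
        if ($dllPath -notlike "$env:SystemRoot\*") {
            $out += "  WARNING: ServiceDll is outside $env:SystemRoot"
        }
    }
    return $out
}

function Test-DisabledPolicies {
    # Policy values that switch off the protections FSS lists under its
    # "... Disabled Policy" headings. DisableAntiSpyware=1 is what the log shows;
    # a third-party AV such as AVG normally sets it, so it is a finding to explain,
    # not by itself a sign of malware.
    $policies = @(
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';                         Name = 'DisableAntiSpyware'; Bad = 1 },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';                Name = 'DisableAntiSpyware'; Bad = 1 },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableSR';          Bad = 1 },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';        Name = 'NoAutoUpdate';       Bad = 1 },
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Name = 'EnableFirewall';     Bad = 0 }
    )
    $findings = @()
    foreach ($p in $policies) {
        $item = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
        if ($item -and $item.($p.Name) -eq $p.Bad) {
            $findings += "POLICY: $($p.Path)\$($p.Name) = $($p.Bad)"
        }
    }
    if ($findings.Count -eq 0) { return 'No disabling policy values found' }
    return $findings
}

function Get-FileEvidence {
    param([string]$Path)
    # FSS compares the MD5 with its own list of known-good hashes. Here MD5, version
    # and signer are printed so the line can be compared with a clean system.
    if (-not (Test-Path -LiteralPath $Path)) { return "$Path => MISSING" }
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $hash = ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('X2') }) -join '' }
    finally { $stream.Close() }
    $ver = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    # Before PowerShell 5.1, Get-AuthenticodeSignature ignores catalog signatures, so
    # "NotSigned" on an OS file is not evidence by itself; confirm with sfc /verifyfile=<path>.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return "{0} => MD5 {1} version {2} ({3}) signature {4}" -f $Path, $hash, $ver.FileVersion, $ver.CompanyName, $sig.Status
}

# Files from the FSS "File Check" list, plus services.exe, the file ComboFix replaced.
$sys32 = Join-Path $env:SystemRoot 'System32'
$files = 'svchost.exe', 'rpcss.dll', 'services.exe', 'wuaueng.dll', 'cryptsvc.dll',
         'drivers\tcpip.sys', 'drivers\afd.sys', 'drivers\tdx.sys' |
         ForEach-Object { Join-Path $sys32 $_ }

foreach ($name in $serviceNames) { Test-ServiceConfig -Name $name }
Test-DisabledPolicies
foreach ($f in $files) { Get-FileEvidence -Path $f }
```

A differing hash or version on one machine is only a lead until it is compared with the same build's clean copy; the thread's own FSS log shows tcpip.sys with a non-reference MD5 simply because an update had just replaced it.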

That all looks good.

 

As far as I can tell... that's it for malware.

 

Let's cleanup.

 

Time for some housekeeping

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Posted Image
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.
Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
Please re-enable any security that was disabled.

 

 

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

 

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

 

I would also suggest you read this:

So how did I get infected in the first place?

by Tony Klein

 

 

Also: "How to prevent malware"

by miekiemoes

 

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :tup:


hey tomk dont go i was looking forward to these little chat

il be frank with you to this date im not totally sure you are a ligit part of Pcpitstop

( prbl. because i dt know what WTT teacher is nor what are the Trusted Malware Techs are?

i'm guessing groups under this forum),

but the download this and dowload that kept me scared, lol

 

I finally succeeded in finding how to get the run button in my start menu

the guy that installed my pc did it in french against my will

so by default windows sets everything in french,

moving from french to english and back to french is sometimes difficult.

 

I understand every instruction you gave in your last post

but I'm wondering why you uninstall all the programs you installed, couldn't I keep them?

I probably downloaded them in my downloads folder anyway

and what about those I mentioned in my earlier posts

(CCleaner, malwarebytes, etc)

will it ask me to erase them as well?

 

thank you for all you've done to the pc

I'll make sure to read the info you gave

 

I have one question

I saw combofix did a restore point and I see you're saying it will use it

I'm wondering, will the restore point I used and talked about in my beginning post still be good?

 

thank you very much

 

fv


I'm not going anywhere. I check in here at least once every day.

 

A Trusted Malware Tech is the group of people allowed to respond to malware problems here.

 

WTT stands for another forum (What The Tech) where I used to be a teacher. I'm not currently a teacher. Jacee just has not updated the "tag" by my name here. The majority of the Trusted Malware Tech Team here either also "work" at WTT or were trained there.

 

The housekeeping will not remove CCleaner nor Malwarebytes. The tools we used that it will remove are updated frequently and keeping them on your system is not a good idea. Malware changes daily and our tools must be changed also. In fact, some of the tools we use will cease to work after a period of time (7 to 10 days). Keeping them just takes up space on your system. The updated versions can be downloaded again if you should have need of them at some future point (here's hoping you won't need them).

 

As part of ComboFix's uninstall process, a new system restore point will be set - it won't actually use it. All old ones will be purged as they could contain infections that were removed during our cleaning process.


hey tomk

thank you

I think everything is in order now

I checked and yes, the last restore point was made by combofix in the restore section of the config panel

is there a way to save this restore point, say for a long period of time?

 

f

Edited by forallbueaty

This topic is now closed to further replies.