
HijackThis Log: Please help Diagnose


  • This topic is locked
22 replies to this topic

#1 Spike91

Spike91

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:54 AM

Posted 04 April 2014 - 05:38 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:30, on 04/04/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\samir\Downloads\Programs\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
O4 - HKCU\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
O4 - HKCU\..\Run: [Bitdefender Agent de l'application Wallet] "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Users\samir\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:   C:\PROGRA~1\BROWSE~1\SAFETY~1\SAFETY~2.DLL
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: Update FindRight - Unknown owner - C:\Program Files\FindRight\updateFindRight.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: Bitdefender Virus Shield (vsserv) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 18773 bytes
 




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:54 PM

Posted 08 April 2014 - 04:39 PM

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
NEXT

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • When asked if you want to download Avast's virus definitions, please select Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Spike91

Spike91
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:54 AM

Posted 11 April 2014 - 08:35 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 29 days old and could be outdated)
Ran by samir (administrator) on SAMIR-PC on 11-04-2014 12:10:33
Running from C:\Users\samir\Downloads\Programs
Microsoft Windows 7 Professionnel  Service Pack 1 (X86) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(BitTorrent Inc.) C:\Users\samir\AppData\Roaming\uTorrent\uTorrent.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(www.moofdev.net) C:\Users\samir\AppData\Local\Temp\Rar$EXa0.698\RatioMaster-1.9.1\RM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [InstallerLauncher] - "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-04-05] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Kepard] - C:\Program Files\Kepard\Kepard.exe [746496 2013-12-14] (Kepard)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] - "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] - "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\.DEFAULT\...\Run: [Bitdefender Agent de l'application Wallet] - "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
HKU\S-1-5-21-4246969510-2668884010-4153552468-1000\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3821136 2014-03-26] (Tonec Inc.)
HKU\S-1-5-21-4246969510-2668884010-4153552468-1000\...\Run: [uTorrent] - C:\Users\samir\AppData\Roaming\uTorrent\uTorrent.exe [1264984 2014-04-05] (BitTorrent Inc.)
HKU\S-1-5-21-4246969510-2668884010-4153552468-1000\...\Run: [BitComet] - "C:\Program Files\BitComet\BitComet.exe" /tray
HKU\S-1-5-21-4246969510-2668884010-4153552468-1000\...\MountPoints2: H - H:\AUTORUN.EXE
HKU\S-1-5-21-4246969510-2668884010-4153552468-1000\...\MountPoints2: I - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\ShelExec.exe "www.mon-partenaire-sante.com"
HKU\S-1-5-21-4246969510-2668884010-4153552468-1000\...\MountPoints2: {2a64996e-ad27-11e3-9c46-0025222029bd} - J:\LGAutoRun.exe
HKU\S-1-5-21-4246969510-2668884010-4153552468-1000\...\MountPoints2: {2a6499c6-ad27-11e3-9c46-0025222029bd} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\ShelExec.exe "www.mon-partenaire-sante.com"
AppInit_DLLs: C:\PROGRA~1\BROWSE~1\SAFETY~1\SAFETY~2.DLL => C:\PROGRA~1\BROWSE~1\SAFETY~1\SAFETY~2.DLL File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\browser tab search by ask\safetynut\x64\safetycrt.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\tqm6lrqi.default
FF user.js: detected! => C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\tqm6lrqi.default\user.js
FF Homepage: hxxp://www.google.fr/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: NetVideoHunter - C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\tqm6lrqi.default\Extensions\netvideohunter@netvideohunter.com [2014-03-14]
FF Extension: Ouedkniss Toolbar - C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\tqm6lrqi.default\Extensions\toolbar-tbplatform@alexa.com.xpi [2014-04-06]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\tqm6lrqi.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-03-31]
FF Extension: DownThemAll! - C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\tqm6lrqi.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-03-26]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\samir\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\samir\AppData\Roaming\IDM\idmmzcc5 [2014-03-26]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\samir\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\samir\AppData\Roaming\IDM\idmmzcc5 [2014-03-26]

Chrome:
=======
CHR Extension: (Documents Google) - C:\Users\samir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-22]
CHR Extension: (Google Drive) - C:\Users\samir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-22]
CHR Extension: (YouTube) - C:\Users\samir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-22]
CHR Extension: (Recherche Google) - C:\Users\samir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-22]
CHR Extension: (IDM Integration Module) - C:\Users\samir\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-03-28]
CHR Extension: (Google Wallet) - C:\Users\samir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-22]
CHR Extension: (Gmail) - C:\Users\samir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-22]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2013-11-29]

========================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [910416 2014-04-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-04-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-04-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-04-05] (Avira Operations GmbH & Co. KG)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)

==================== Drivers (Whitelisted) ====================

S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-13] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2013-12-13] (Avira Operations GmbH & Co. KG)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113104 2012-05-31] (Power Software Ltd)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-13] (Avira GmbH)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2012-02-02] (The OpenVPN Project)
R1 wStLib; C:\Windows\System32\drivers\wStLib.sys [52928 2014-04-05] (StdLib)
U4 vsserv;
U3 aswMBR; \??\C:\Users\samir\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-11 11:39 - 2014-04-11 11:39 - 00000539 _____ () C:\Users\samir\Desktop\MBR.rar
2014-04-11 11:37 - 2014-04-11 11:37 - 00002140 _____ () C:\Users\samir\Desktop\aswMBR.txt
2014-04-11 11:37 - 2014-04-11 11:37 - 00000512 _____ () C:\Users\samir\Desktop\MBR.dat
2014-04-11 11:34 - 2014-04-11 11:34 - 00072844 _____ () C:\Users\samir\Downloads\Suits - 03x16 - No Way Out.KILLERS.English.HI.C.orig.Addic7ed.com.srt
2014-04-11 11:34 - 2014-04-11 11:34 - 00071020 _____ () C:\Users\samir\Downloads\Suits - 03x16 - No Way Out.KILLERS.French.C.updated.Addic7ed.com.srt
2014-04-11 09:02 - 2014-04-11 09:02 - 04964560 _____ () C:\Users\samir\Downloads\NO SPECIAL FX  MRSTEEN  POPPIN JOHN - PoppinJohnSBK - Vubecom.mp4
2014-04-10 08:45 - 2014-04-10 08:45 - 00000000 _____ () C:\Users\samir\Downloads\Tommy Trash - Trashed Radio 016 2014-04-09 Tracklist  Playlist - 1001 Tracklists.m4a
2014-04-09 23:53 - 2014-04-09 23:53 - 00011462 _____ () C:\Users\samir\Downloads\Moda donna, moda uomo e accessori - Coveri moda made in italy - ENRICO COVERI.htm
2014-04-09 23:53 - 2014-04-09 23:53 - 00000000 ____D () C:\Users\samir\Downloads\Moda donna, moda uomo e accessori - Coveri moda made in italy - ENRICO COVERI_fichiers
2014-04-09 18:03 - 2014-04-09 18:03 - 00043459 _____ () C:\Users\samir\Downloads\FRST.txt
2014-04-09 18:03 - 2014-04-09 18:03 - 00016563 _____ () C:\Users\samir\Downloads\Addition.txt
2014-04-09 18:01 - 2014-04-11 12:10 - 00000000 ____D () C:\FRST
2014-04-09 11:44 - 2014-04-09 11:44 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-04-08 18:21 - 2014-04-08 18:21 - 00014777 _____ () C:\Users\samir\Downloads\August Osage County-2013-FRENCH-BRRip.Xvid-h@mster.avi.torrent
2014-04-08 11:09 - 2014-04-08 11:09 - 00095397 _____ () C:\Users\samir\Downloads\rules_4.bin
2014-04-08 10:46 - 2014-04-08 10:46 - 00095397 _____ () C:\Users\samir\Downloads\rules_3.bin
2014-04-07 18:04 - 2014-04-07 18:04 - 00095397 _____ () C:\Users\samir\Downloads\rules_2.bin
2014-04-07 12:33 - 2014-04-07 12:33 - 00095397 _____ () C:\Users\samir\Downloads\rules.bin
2014-04-07 11:26 - 2014-04-07 11:26 - 10958933 _____ () C:\Users\samir\Downloads\Calvin Harris - Summer Download MP3.flv
2014-04-07 09:44 - 2014-04-07 09:44 - 00002263 _____ () C:\Users\Public\Desktop\Gadwin PrintScreenPro (32-Bit).lnk
2014-04-07 09:44 - 2014-04-07 09:44 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Gadwin
2014-04-07 09:44 - 2014-04-07 09:44 - 00000000 ____D () C:\Users\samir\AppData\Local\Gadwin
2014-04-07 09:44 - 2014-04-07 09:44 - 00000000 ____D () C:\Program Files\Gadwin
2014-04-07 09:15 - 2014-04-07 09:15 - 00014354 _____ () C:\Users\samir\Downloads\The Hobbit The Desolation of Smaug 2013 FRENCH BRRip XviD-CARPEDIEM.avi.torrent
2014-04-06 14:02 - 2014-04-06 14:02 - 00006119 _____ () C:\Users\samir\Downloads\In Pixio Photo-Clip 5 Pro v5.01.2670 VirusFree.torrent
2014-04-06 13:20 - 2014-04-06 13:20 - 00000000 ____D () C:\Users\samir\AppData\Roaming\PhotoDentelle.7CA754E80384989F1590458075592A9DCA619756.1
2014-04-06 13:20 - 2014-04-06 13:20 - 00000000 ____D () C:\Users\samir\AppData\Roaming\PhotoDentelle
2014-04-06 13:20 - 2014-04-06 13:20 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-06 13:18 - 2014-04-06 13:18 - 00000000 ____D () C:\Users\samir\AppData\Local\Adobe
2014-04-06 11:35 - 2014-04-06 11:35 - 00009254 _____ () C:\Users\samir\Downloads\Pirate-Informatique-Avril-Juin-2014.pdf.torrent
2014-04-06 00:51 - 2014-04-07 11:23 - 00000000 ____D () C:\Users\samir\AppData\Roaming\BitComet
2014-04-05 20:45 - 2014-04-05 20:45 - 00000000 ____D () C:\Program Files\GtkSharp
2014-04-05 20:44 - 2014-04-05 20:44 - 00001801 _____ () C:\Users\Public\Desktop\Kepard.lnk
2014-04-05 20:44 - 2014-04-05 20:44 - 00000000 ____D () C:\Program Files\Kepard
2014-04-05 14:32 - 2014-04-05 14:32 - 00000771 _____ () C:\Users\samir\Desktop\photomaton.txt
2014-04-05 13:53 - 2014-04-05 13:54 - 00033450 _____ () C:\Users\samir\Downloads\cc_20140405_135332.reg
2014-04-05 11:09 - 2014-04-05 11:09 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Avira
2014-04-05 11:08 - 2014-04-05 11:08 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-05 11:07 - 2014-04-05 11:07 - 00000000 ____D () C:\ProgramData\Avira
2014-04-05 11:07 - 2014-04-05 11:07 - 00000000 ____D () C:\Program Files\Avira
2014-04-05 11:07 - 2013-12-13 15:21 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-04-05 11:07 - 2013-12-13 15:20 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-05 11:07 - 2013-12-13 15:20 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-05 11:07 - 2013-12-13 15:20 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-05 11:07 - 2013-12-13 15:20 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-05 10:50 - 2014-04-05 10:50 - 00056947 _____ () C:\Users\samir\Downloads\Casse.Tete.Chinois.2013.FRENCH.720p.BluRay.x264-ChineseCasseCouilles.torrent
2014-04-05 10:39 - 2014-04-05 10:39 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLib.sys
2014-04-05 01:02 - 2014-04-05 11:36 - 00000000 ____D () C:\Program Files\Runtime Software
2014-04-05 00:55 - 2014-04-05 11:35 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
2014-04-05 00:55 - 2014-04-05 00:55 - 00000000 ____D () C:\Program Files\Ontrack
2014-04-05 00:55 - 2014-04-05 00:55 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-04-04 18:54 - 2014-04-04 18:54 - 00243574 _____ () C:\ProgramData\1396630411.bdinstall.bin
2014-04-04 18:31 - 2014-04-04 18:31 - 00421810 _____ () C:\ProgramData\1396625717.bdinstall.bin
2014-04-04 12:24 - 2014-04-04 12:24 - 00018775 _____ () C:\Users\samir\Desktop\hijackthis.log
2014-04-04 12:00 - 2014-04-04 12:00 - 00000851 _____ () C:\Users\samir\Desktop\µTorrent.lnk
2014-04-04 12:00 - 2014-04-04 12:00 - 00000831 _____ () C:\Users\samir\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-04-04 03:27 - 2014-04-05 00:43 - 01166832 _____ (DataRescue sa/nv ) C:\Users\samir\Downloads\expertsetup [1].exe
2014-04-02 11:42 - 2014-04-02 11:42 - 00001652 _____ () C:\Users\samir\Desktop\Nero StartSmart.lnk
2014-04-02 11:40 - 2014-04-02 11:40 - 00000000 ____D () C:\Users\samir\AppData\Local\Ahead
2014-04-02 11:38 - 2014-04-02 11:38 - 00000000 ____D () C:\Users\samir\Documents\Fax
2014-04-02 11:37 - 2014-04-02 11:37 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2014-04-02 11:37 - 2014-04-02 11:37 - 00000000 ____D () C:\Program Files\Ahead
2014-04-02 11:37 - 2004-03-02 17:37 - 00125184 ____N (Ahead Software AG) C:\Windows\system32\Drivers\imagesrv.sys
2014-04-02 11:37 - 2004-03-02 17:37 - 00005504 ____N (Ahead Software AG) C:\Windows\system32\Drivers\imagedrv.sys
2014-04-02 11:37 - 2001-07-09 11:50 - 00155648 _____ (Ahead Software Gmbh) C:\Windows\system32\NeroCheck.exe
2014-04-02 11:37 - 2000-06-26 11:45 - 00106496 _____ (Pegasus Software) C:\Windows\system32\TwnLib20.dll
2014-04-02 11:29 - 2002-07-17 15:20 - 00084832 _____ (Adaptec) C:\Windows\system32\Drivers\ASPI32.SYS
2014-04-02 11:24 - 2009-09-04 03:36 - 00299008 _____ (Koyote Soft - http://www.koyotesoft.com) C:\Windows\system32\TubeFinder.exe
2014-04-02 11:24 - 2009-06-19 19:51 - 00364544 _____ () C:\Windows\system32\PropertyGrid.ocx
2014-04-02 11:24 - 2009-06-19 19:51 - 00208500 _____ () C:\Windows\system32\ReyXpBasics.tlb
2014-04-02 11:24 - 2009-06-19 19:51 - 00152848 _____ (Microsoft Corporation) C:\Windows\system32\COMDLG32.OCX
2014-04-02 11:24 - 2009-06-19 19:51 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCFR.DLL
2014-04-02 11:24 - 2009-06-19 19:51 - 00119568 _____ (Microsoft Corporation) C:\Windows\system32\VB6FR.DLL
2014-04-02 11:24 - 2009-06-19 19:51 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\VB6STKIT.DLL
2014-04-02 11:24 - 2009-06-19 19:51 - 00084512 _____ (Microsoft Corporation) C:\Windows\system32\PICCLP32.OCX
2014-04-02 11:24 - 2009-06-19 19:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\CMDLGFR.DLL
2014-04-02 11:24 - 2009-06-19 19:51 - 00024576 _____ () C:\Windows\system32\ControlSubX.ocx
2014-04-02 11:24 - 2009-06-19 19:51 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\PCCLPFR.DLL
2014-04-01 11:58 - 2014-04-01 12:32 - 00000000 ____D () C:\Users\samir\AppData\Roaming\PhotoFiltre Studio X
2014-04-01 11:58 - 2014-04-01 11:58 - 00001058 _____ () C:\Users\samir\Desktop\PhotoFiltre Studio X.lnk
2014-04-01 11:58 - 2014-04-01 11:58 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X
2014-04-01 11:57 - 2014-04-01 11:58 - 00000000 ____D () C:\Program Files\PhotoFiltre Studio X
2014-04-01 10:55 - 2014-04-01 10:56 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Nero
2014-04-01 10:51 - 2014-04-03 14:31 - 00000000 ____D () C:\ProgramData\Nero
2014-04-01 10:40 - 2014-04-01 10:40 - 00011315 _____ () C:\Users\samir\Downloads\Nero 2014 Platinum 15.0.03400 Final fr.torrent
2014-04-01 10:18 - 2014-04-01 10:24 - 00000000 ____D () C:\Users\samir\Desktop\mom
2014-03-29 03:14 - 2014-03-29 03:14 - 00000264 ____T () C:\Windows\system32\ashBA03.tmp
2014-03-26 19:50 - 2014-04-04 16:57 - 00000000 ____D () C:\Users\samir\Desktop\FOREVER
2014-03-26 18:27 - 2014-04-08 10:49 - 00000000 ____D () C:\Users\samir\AppData\Roaming\IDM
2014-03-26 18:27 - 2014-03-26 18:27 - 00000983 _____ () C:\Users\samir\Desktop\Internet Download Manager.lnk
2014-03-26 18:27 - 2014-03-26 18:27 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-03-26 18:27 - 2014-03-26 18:27 - 00000000 ____D () C:\Program Files\Internet Download Manager
2014-03-25 14:07 - 2014-03-25 14:07 - 00000096 _____ () C:\Users\samir\Desktop\ad primark barcelone.txt
2014-03-24 20:16 - 2014-03-24 20:16 - 00017143 _____ () C:\Users\samir\Downloads\Human-Anatomy-Atlas-Setup.exe.torrent
2014-03-24 15:33 - 2014-03-24 15:33 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-03-24 15:32 - 2014-03-24 15:32 - 00000000 ____D () C:\Windows\PCHEALTH
2014-03-24 15:32 - 2014-03-24 15:32 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-03-24 15:32 - 2014-03-24 15:32 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-03-24 15:32 - 2014-03-24 15:32 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-03-24 15:32 - 2014-03-24 15:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-03-24 15:30 - 2014-03-24 15:39 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-03-24 15:29 - 2014-03-24 15:29 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-03-24 09:50 - 2014-03-24 09:50 - 00011595 _____ () C:\Users\samir\Downloads\STF-Photographie-Magazine-No.4.pdf.torrent
2014-03-23 13:47 - 2014-03-23 13:58 - 00000209 _____ () C:\Users\samir\Desktop\Nouveau document texte (2).txt
2014-03-22 23:10 - 2014-03-22 23:10 - 00000000 ____D () C:\Users\samir\Desktop\The Economist - December 22 2012
2014-03-22 11:49 - 2014-03-22 11:49 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-03-22 11:49 - 2014-03-22 11:49 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-03-22 11:49 - 2014-03-22 11:49 - 00000000 ____D () C:\ProgramData\BitGuard
2014-03-22 10:57 - 2014-03-22 10:57 - 01211984 _____ (BitTorrent Inc.) C:\Users\samir\Downloads\utorrent.exe
2014-03-21 20:35 - 2014-03-21 23:05 - 00005756 _____ () C:\Users\samir\Desktop\muscu.txt
2014-03-21 19:29 - 2014-03-21 19:29 - 00396120 __RSH () C:\JTRCF
2014-03-21 19:29 - 2014-03-21 19:29 - 00000020 __RSH () C:\win7.ld
2014-03-20 19:27 - 2014-03-21 13:24 - 00000191 _____ () C:\Users\samir\Desktop\appli .txt
2014-03-19 23:54 - 2014-03-19 23:54 - 00057031 _____ () C:\Users\samir\Downloads\Better.Living.Through.Chemistry.2014.VOSTFR.DVDRiP.avi.torrent
2014-03-19 12:38 - 2014-03-19 12:38 - 00068976 _____ () C:\Users\samir\Downloads\True Detective - 01x02 - Seeing Things.2HD.French.HI.C.updated.Addic7ed.com.srt
2014-03-19 12:38 - 2014-03-19 12:38 - 00066689 _____ () C:\Users\samir\Downloads\True Detective - 01x02 - Seeing Things.2HD.English.HI.C.orig.Addic7ed.com.srt
2014-03-19 12:36 - 2014-03-19 12:36 - 00068212 _____ () C:\Users\samir\Downloads\True Detective - 01x01 - The Long Bright Dark.KILLERS.English.HI.C.orig.Addic7ed.com.srt
2014-03-19 12:35 - 2014-03-19 12:35 - 00023160 _____ () C:\Users\samir\Downloads\True Detective - 01x00 - Making True Detective.err0001.English.C.orig.Addic7ed.com.srt
2014-03-19 12:34 - 2014-03-19 12:34 - 00023980 _____ () C:\Users\samir\Downloads\True Detective - 01x00 - Making True Detective.err0001.English.HI.C.orig.Addic7ed.com.srt
2014-03-19 12:34 - 2014-03-19 12:34 - 00023952 _____ () C:\Users\samir\Downloads\True Detective - 01x00 - Making True Detective.err0001.French.C.updated.Addic7ed.com.srt
2014-03-16 20:50 - 2014-03-16 20:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-15 20:30 - 2014-04-02 11:11 - 00000000 ____D () C:\Users\samir\Desktop\a graver latest
2014-03-15 14:32 - 2014-03-15 14:32 - 00291840 _____ () C:\Users\samir\Downloads\Cas-Jurassis-toys-éléments-de-correction.ppt
2014-03-13 14:40 - 2014-03-29 21:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-13 14:40 - 2014-03-13 14:40 - 00001109 _____ () C:\Users\Public\Desktop\firefox.lnk
2014-03-13 14:40 - 2014-03-13 14:40 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Mozilla
2014-03-13 00:39 - 2014-03-13 00:39 - 00222729 _____ () C:\Users\samir\Downloads\the.lego.Movie.2014.TRUEFRENCH.MD.CAM.XvID-JOKER.avi.torrent
2014-03-13 00:39 - 2014-03-13 00:39 - 00014897 _____ () C:\Users\samir\Downloads\The.Bag.Man.2014.FANSUB.VOSTFR.LiMiTED.BRRiP.XviD.AC3-NIKOo.torrent
2014-03-13 00:38 - 2014-03-13 00:38 - 00141661 _____ () C:\Users\samir\Downloads\Her.2013.FANSUB.VOSTFR.DVDSCR.XVID.AC3.avi.torrent
2014-03-12 20:10 - 2014-03-12 20:10 - 01015230 _____ () C:\Users\samir\Downloads\ENSOSP CONFERENCE - EMMANUEL DAOUD - LA LUTTE CONTRE LA CYBERCRIMINALITE.pptx

==================== One Month Modified Files and Folders =======

2014-04-11 12:10 - 2014-04-09 18:01 - 00000000 ____D () C:\FRST
2014-04-11 12:10 - 2014-02-20 09:06 - 00000000 ____D () C:\Users\samir\AppData\Roaming\uTorrent
2014-04-11 11:39 - 2014-04-11 11:39 - 00000539 _____ () C:\Users\samir\Desktop\MBR.rar
2014-04-11 11:37 - 2014-04-11 11:37 - 00002140 _____ () C:\Users\samir\Desktop\aswMBR.txt
2014-04-11 11:37 - 2014-04-11 11:37 - 00000512 _____ () C:\Users\samir\Desktop\MBR.dat
2014-04-11 11:34 - 2014-04-11 11:34 - 00072844 _____ () C:\Users\samir\Downloads\Suits - 03x16 - No Way Out.KILLERS.English.HI.C.orig.Addic7ed.com.srt
2014-04-11 11:34 - 2014-04-11 11:34 - 00071020 _____ () C:\Users\samir\Downloads\Suits - 03x16 - No Way Out.KILLERS.French.C.updated.Addic7ed.com.srt
2014-04-11 09:50 - 2014-02-16 13:45 - 00000000 ____D () C:\Peer to peer
2014-04-11 09:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-04-11 09:03 - 2014-02-20 14:25 - 00000000 ____D () C:\Users\samir\AppData\Roaming\vlc
2014-04-11 09:02 - 2014-04-11 09:02 - 04964560 _____ () C:\Users\samir\Downloads\NO SPECIAL FX  MRSTEEN  POPPIN JOHN - PoppinJohnSBK - Vubecom.mp4
2014-04-11 08:53 - 2009-07-14 06:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-11 08:53 - 2009-07-14 06:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-11 08:48 - 2014-02-20 08:45 - 01826574 _____ () C:\Windows\WindowsUpdate.log
2014-04-11 08:45 - 2012-02-14 23:52 - 00019634 _____ () C:\Windows\setupact.log
2014-04-11 08:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-11 00:52 - 2014-03-06 16:41 - 00000000 ____D () C:\Users\samir\AppData\Roaming\DMCache
2014-04-10 10:32 - 2010-11-20 23:01 - 01524562 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 08:45 - 2014-04-10 08:45 - 00000000 _____ () C:\Users\samir\Downloads\Tommy Trash - Trashed Radio 016 2014-04-09 Tracklist  Playlist - 1001 Tracklists.m4a
2014-04-09 23:53 - 2014-04-09 23:53 - 00011462 _____ () C:\Users\samir\Downloads\Moda donna, moda uomo e accessori - Coveri moda made in italy - ENRICO COVERI.htm
2014-04-09 23:53 - 2014-04-09 23:53 - 00000000 ____D () C:\Users\samir\Downloads\Moda donna, moda uomo e accessori - Coveri moda made in italy - ENRICO COVERI_fichiers
2014-04-09 18:03 - 2014-04-09 18:03 - 00043459 _____ () C:\Users\samir\Downloads\FRST.txt
2014-04-09 18:03 - 2014-04-09 18:03 - 00016563 _____ () C:\Users\samir\Downloads\Addition.txt
2014-04-09 11:44 - 2014-04-09 11:44 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-04-08 18:21 - 2014-04-08 18:21 - 00014777 _____ () C:\Users\samir\Downloads\August Osage County-2013-FRENCH-BRRip.Xvid-h@mster.avi.torrent
2014-04-08 11:09 - 2014-04-08 11:09 - 00095397 _____ () C:\Users\samir\Downloads\rules_4.bin
2014-04-08 10:52 - 2014-03-06 16:41 - 00000000 ____D () C:\Users\samir\Downloads\Video
2014-04-08 10:49 - 2014-03-26 18:27 - 00000000 ____D () C:\Users\samir\AppData\Roaming\IDM
2014-04-08 10:46 - 2014-04-08 10:46 - 00095397 _____ () C:\Users\samir\Downloads\rules_3.bin
2014-04-07 18:04 - 2014-04-07 18:04 - 00095397 _____ () C:\Users\samir\Downloads\rules_2.bin
2014-04-07 12:33 - 2014-04-07 12:33 - 00095397 _____ () C:\Users\samir\Downloads\rules.bin
2014-04-07 11:26 - 2014-04-07 11:26 - 10958933 _____ () C:\Users\samir\Downloads\Calvin Harris - Summer Download MP3.flv
2014-04-07 11:23 - 2014-04-06 00:51 - 00000000 ____D () C:\Users\samir\AppData\Roaming\BitComet
2014-04-07 09:44 - 2014-04-07 09:44 - 00002263 _____ () C:\Users\Public\Desktop\Gadwin PrintScreenPro (32-Bit).lnk
2014-04-07 09:44 - 2014-04-07 09:44 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Gadwin
2014-04-07 09:44 - 2014-04-07 09:44 - 00000000 ____D () C:\Users\samir\AppData\Local\Gadwin
2014-04-07 09:44 - 2014-04-07 09:44 - 00000000 ____D () C:\Program Files\Gadwin
2014-04-07 09:15 - 2014-04-07 09:15 - 00014354 _____ () C:\Users\samir\Downloads\The Hobbit The Desolation of Smaug 2013 FRENCH BRRip XviD-CARPEDIEM.avi.torrent
2014-04-06 15:12 - 2014-03-07 15:16 - 00003302 _____ () C:\Users\samir\Desktop\appareil photo.txt
2014-04-06 14:02 - 2014-04-06 14:02 - 00006119 _____ () C:\Users\samir\Downloads\In Pixio Photo-Clip 5 Pro v5.01.2670 VirusFree.torrent
2014-04-06 13:20 - 2014-04-06 13:20 - 00000000 ____D () C:\Users\samir\AppData\Roaming\PhotoDentelle.7CA754E80384989F1590458075592A9DCA619756.1
2014-04-06 13:20 - 2014-04-06 13:20 - 00000000 ____D () C:\Users\samir\AppData\Roaming\PhotoDentelle
2014-04-06 13:20 - 2014-04-06 13:20 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-06 13:20 - 2014-02-20 09:19 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Adobe
2014-04-06 13:18 - 2014-04-06 13:18 - 00000000 ____D () C:\Users\samir\AppData\Local\Adobe
2014-04-06 13:13 - 2014-03-06 16:41 - 00000000 ____D () C:\Users\samir\Downloads\Compressed
2014-04-06 11:35 - 2014-04-06 11:35 - 00009254 _____ () C:\Users\samir\Downloads\Pirate-Informatique-Avril-Juin-2014.pdf.torrent
2014-04-05 23:26 - 2014-02-21 10:21 - 00319524 _____ () C:\Windows\PFRO.log
2014-04-05 20:45 - 2014-04-05 20:45 - 00000000 ____D () C:\Program Files\GtkSharp
2014-04-05 20:44 - 2014-04-05 20:44 - 00001801 _____ () C:\Users\Public\Desktop\Kepard.lnk
2014-04-05 20:44 - 2014-04-05 20:44 - 00000000 ____D () C:\Program Files\Kepard
2014-04-05 14:32 - 2014-04-05 14:32 - 00000771 _____ () C:\Users\samir\Desktop\photomaton.txt
2014-04-05 13:54 - 2014-04-05 13:53 - 00033450 _____ () C:\Users\samir\Downloads\cc_20140405_135332.reg
2014-04-05 11:36 - 2014-04-05 01:02 - 00000000 ____D () C:\Program Files\Runtime Software
2014-04-05 11:35 - 2014-04-05 00:55 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
2014-04-05 11:18 - 2009-07-14 04:04 - 00000489 _____ () C:\Windows\win.ini
2014-04-05 11:09 - 2014-04-05 11:09 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Avira
2014-04-05 11:08 - 2014-04-05 11:08 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-05 11:07 - 2014-04-05 11:07 - 00000000 ____D () C:\ProgramData\Avira
2014-04-05 11:07 - 2014-04-05 11:07 - 00000000 ____D () C:\Program Files\Avira
2014-04-05 10:50 - 2014-04-05 10:50 - 00056947 _____ () C:\Users\samir\Downloads\Casse.Tete.Chinois.2013.FRENCH.720p.BluRay.x264-ChineseCasseCouilles.torrent
2014-04-05 10:39 - 2014-04-05 10:39 - 00052928 _____ (StdLib) C:\Windows\system32\Drivers\wStLib.sys
2014-04-05 00:55 - 2014-04-05 00:55 - 00000000 ____D () C:\Program Files\Ontrack
2014-04-05 00:55 - 2014-04-05 00:55 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-04-05 00:43 - 2014-04-04 03:27 - 01166832 _____ (DataRescue sa/nv ) C:\Users\samir\Downloads\expertsetup [1].exe
2014-04-04 19:19 - 2014-03-07 09:24 - 00000000 ____D () C:\Program Files\Bitdefender
2014-04-04 18:54 - 2014-04-04 18:54 - 00243574 _____ () C:\ProgramData\1396630411.bdinstall.bin
2014-04-04 18:54 - 2014-03-07 10:01 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-04-04 18:54 - 2014-03-06 19:52 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-04-04 18:31 - 2014-04-04 18:31 - 00421810 _____ () C:\ProgramData\1396625717.bdinstall.bin
2014-04-04 16:57 - 2014-03-26 19:50 - 00000000 ____D () C:\Users\samir\Desktop\FOREVER
2014-04-04 12:24 - 2014-04-04 12:24 - 00018775 _____ () C:\Users\samir\Desktop\hijackthis.log
2014-04-04 12:00 - 2014-04-04 12:00 - 00000851 _____ () C:\Users\samir\Desktop\µTorrent.lnk
2014-04-04 12:00 - 2014-04-04 12:00 - 00000831 _____ () C:\Users\samir\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-04-04 00:35 - 2014-02-21 23:06 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Skype
2014-04-03 14:31 - 2014-04-01 10:51 - 00000000 ____D () C:\ProgramData\Nero
2014-04-03 01:01 - 2009-07-14 06:53 - 00032484 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-02 11:42 - 2014-04-02 11:42 - 00001652 _____ () C:\Users\samir\Desktop\Nero StartSmart.lnk
2014-04-02 11:40 - 2014-04-02 11:40 - 00000000 ____D () C:\Users\samir\AppData\Local\Ahead
2014-04-02 11:38 - 2014-04-02 11:38 - 00000000 ____D () C:\Users\samir\Documents\Fax
2014-04-02 11:37 - 2014-04-02 11:37 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2014-04-02 11:37 - 2014-04-02 11:37 - 00000000 ____D () C:\Program Files\Ahead
2014-04-02 11:11 - 2014-03-15 20:30 - 00000000 ____D () C:\Users\samir\Desktop\a graver latest
2014-04-01 12:32 - 2014-04-01 11:58 - 00000000 ____D () C:\Users\samir\AppData\Roaming\PhotoFiltre Studio X
2014-04-01 11:58 - 2014-04-01 11:58 - 00001058 _____ () C:\Users\samir\Desktop\PhotoFiltre Studio X.lnk
2014-04-01 11:58 - 2014-04-01 11:58 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X
2014-04-01 11:58 - 2014-04-01 11:57 - 00000000 ____D () C:\Program Files\PhotoFiltre Studio X
2014-04-01 10:56 - 2014-04-01 10:55 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Nero
2014-04-01 10:40 - 2014-04-01 10:40 - 00011315 _____ () C:\Users\samir\Downloads\Nero 2014 Platinum 15.0.03400 Final fr.torrent
2014-04-01 10:24 - 2014-04-01 10:18 - 00000000 ____D () C:\Users\samir\Desktop\mom
2014-03-31 22:11 - 2013-11-08 15:32 - 00000000 ____D () C:\P2P
2014-03-30 22:38 - 2014-03-11 15:57 - 00000395 _____ () C:\Windows\system32\checkdnsid.xml
2014-03-29 21:12 - 2014-03-13 14:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 14:52 - 2014-02-20 14:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-29 14:33 - 2014-02-20 09:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 03:14 - 2014-03-29 03:14 - 00000264 ____T () C:\Windows\system32\ashBA03.tmp
2014-03-26 18:27 - 2014-03-26 18:27 - 00000983 _____ () C:\Users\samir\Desktop\Internet Download Manager.lnk
2014-03-26 18:27 - 2014-03-26 18:27 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-03-26 18:27 - 2014-03-26 18:27 - 00000000 ____D () C:\Program Files\Internet Download Manager
2014-03-25 17:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-25 14:07 - 2014-03-25 14:07 - 00000096 _____ () C:\Users\samir\Desktop\ad primark barcelone.txt
2014-03-25 00:19 - 2014-02-20 08:42 - 00370488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 22:10 - 2014-02-20 09:04 - 00099760 _____ () C:\Users\samir\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-24 20:16 - 2014-03-24 20:16 - 00017143 _____ () C:\Users\samir\Downloads\Human-Anatomy-Atlas-Setup.exe.torrent
2014-03-24 17:10 - 2011-04-12 03:45 - 00000000 ____D () C:\Windows\ShellNew
2014-03-24 17:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-24 15:39 - 2014-03-24 15:30 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-03-24 15:39 - 2014-02-20 14:24 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-24 15:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-24 15:33 - 2014-03-24 15:33 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2014-03-24 15:33 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-03-24 15:32 - 2014-03-24 15:32 - 00000000 ____D () C:\Windows\PCHEALTH
2014-03-24 15:32 - 2014-03-24 15:32 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-03-24 15:32 - 2014-03-24 15:32 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-03-24 15:32 - 2014-03-24 15:32 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-03-24 15:32 - 2014-03-24 15:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-03-24 15:29 - 2014-03-24 15:29 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-03-24 09:50 - 2014-03-24 09:50 - 00011595 _____ () C:\Users\samir\Downloads\STF-Photographie-Magazine-No.4.pdf.torrent
2014-03-23 13:58 - 2014-03-23 13:47 - 00000209 _____ () C:\Users\samir\Desktop\Nouveau document texte (2).txt
2014-03-22 23:10 - 2014-03-22 23:10 - 00000000 ____D () C:\Users\samir\Desktop\The Economist - December 22 2012
2014-03-22 12:56 - 2014-03-05 21:36 - 00000000 ____D () C:\Users\samir\Documents\droit
2014-03-22 11:49 - 2014-03-22 11:49 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-03-22 11:49 - 2014-03-22 11:49 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-03-22 11:49 - 2014-03-22 11:49 - 00000000 ____D () C:\ProgramData\BitGuard
2014-03-22 10:57 - 2014-03-22 10:57 - 01211984 _____ (BitTorrent Inc.) C:\Users\samir\Downloads\utorrent.exe
2014-03-21 23:05 - 2014-03-21 20:35 - 00005756 _____ () C:\Users\samir\Desktop\muscu.txt
2014-03-21 19:29 - 2014-03-21 19:29 - 00396120 __RSH () C:\JTRCF
2014-03-21 19:29 - 2014-03-21 19:29 - 00000020 __RSH () C:\win7.ld
2014-03-21 13:24 - 2014-03-20 19:27 - 00000191 _____ () C:\Users\samir\Desktop\appli .txt
2014-03-20 10:14 - 2014-02-22 20:24 - 00000000 ____D () C:\Users\samir\AppData\Roaming\newnext.me
2014-03-19 23:54 - 2014-03-19 23:54 - 00057031 _____ () C:\Users\samir\Downloads\Better.Living.Through.Chemistry.2014.VOSTFR.DVDRiP.avi.torrent
2014-03-19 12:38 - 2014-03-19 12:38 - 00068976 _____ () C:\Users\samir\Downloads\True Detective - 01x02 - Seeing Things.2HD.French.HI.C.updated.Addic7ed.com.srt
2014-03-19 12:38 - 2014-03-19 12:38 - 00066689 _____ () C:\Users\samir\Downloads\True Detective - 01x02 - Seeing Things.2HD.English.HI.C.orig.Addic7ed.com.srt
2014-03-19 12:36 - 2014-03-19 12:36 - 00068212 _____ () C:\Users\samir\Downloads\True Detective - 01x01 - The Long Bright Dark.KILLERS.English.HI.C.orig.Addic7ed.com.srt
2014-03-19 12:35 - 2014-03-19 12:35 - 00023160 _____ () C:\Users\samir\Downloads\True Detective - 01x00 - Making True Detective.err0001.English.C.orig.Addic7ed.com.srt
2014-03-19 12:34 - 2014-03-19 12:34 - 00023980 _____ () C:\Users\samir\Downloads\True Detective - 01x00 - Making True Detective.err0001.English.HI.C.orig.Addic7ed.com.srt
2014-03-19 12:34 - 2014-03-19 12:34 - 00023952 _____ () C:\Users\samir\Downloads\True Detective - 01x00 - Making True Detective.err0001.French.C.updated.Addic7ed.com.srt
2014-03-16 20:50 - 2014-03-16 20:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-03-15 22:06 - 2014-02-25 15:59 - 00000000 ____D () C:\Users\samir\Desktop\éléments
2014-03-15 21:59 - 2014-02-21 00:49 - 00000000 ____D () C:\Users\samir\Desktop\3année
2014-03-15 14:32 - 2014-03-15 14:32 - 00291840 _____ () C:\Users\samir\Downloads\Cas-Jurassis-toys-éléments-de-correction.ppt
2014-03-13 14:40 - 2014-03-13 14:40 - 00001109 _____ () C:\Users\Public\Desktop\firefox.lnk
2014-03-13 14:40 - 2014-03-13 14:40 - 00000000 ____D () C:\Users\samir\AppData\Roaming\Mozilla
2014-03-13 00:39 - 2014-03-13 00:39 - 00222729 _____ () C:\Users\samir\Downloads\the.lego.Movie.2014.TRUEFRENCH.MD.CAM.XvID-JOKER.avi.torrent
2014-03-13 00:39 - 2014-03-13 00:39 - 00014897 _____ () C:\Users\samir\Downloads\The.Bag.Man.2014.FANSUB.VOSTFR.LiMiTED.BRRiP.XviD.AC3-NIKOo.torrent
2014-03-13 00:38 - 2014-03-13 00:38 - 00141661 _____ () C:\Users\samir\Downloads\Her.2013.FANSUB.VOSTFR.DVDSCR.XVID.AC3.avi.torrent
2014-03-12 20:10 - 2014-03-12 20:10 - 01015230 _____ () C:\Users\samir\Downloads\ENSOSP CONFERENCE - EMMANUEL DAOUD - LA LUTTE CONTRE LA CYBERCRIMINALITE.pptx

Some content of TEMP:
====================
C:\Users\samir\AppData\Local\Temp\avgnt.exe
C:\Users\samir\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\samir\AppData\Local\Temp\Delta.exe
C:\Users\samir\AppData\Local\Temp\DeltaTB.exe
C:\Users\samir\AppData\Local\Temp\MybabylonTB.exe
C:\Users\samir\AppData\Local\Temp\utt6C3E.tmp.exe
C:\Users\samir\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\samir\AppData\Local\Temp\WSSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2012-02-05 02:50] - [2012-02-09 00:35] - 2723328 ____A (Microsoft Corporation) 653175E41C29D547C790A0AC67E8F7F0

C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 12:09

==================== End Of Log ============================



#4 Spike91

  • Topic Starter

Posted 11 April 2014 - 08:41 AM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-11 11:35:12
-----------------------------
11:35:12.051    OS Version: Windows 6.1.7601 Service Pack 1
11:35:12.051    Number of processors: 2 586 0x170A
11:35:12.051    ComputerName: SAMIR-PC  UserName: samir
11:35:13.317    Initialize success
11:35:31.607    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
11:35:31.607    Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
11:35:31.701    Disk 0 MBR read successfully
11:35:31.716    Disk 0 MBR scan
11:35:31.716    Disk 0 Windows 7 default MBR code
11:35:31.716    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       128927 MB offset 63
11:35:31.716    Disk 0 Partition - 00     0F Extended LBA            348009 MB offset 264044340
11:35:31.732    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       116008 MB offset 264044403
11:35:31.732    Disk 0 Partition - 00     05     Extended            116008 MB offset 501629625
11:35:31.748    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       116008 MB offset 501629688
11:35:31.748    Disk 0 Partition - 00     05     Extended            115992 MB offset 976800195
11:35:31.763    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       115992 MB offset 739214973
11:35:31.779    Disk 0 scanning sectors +976768065
11:35:31.810    Disk 0 scanning C:\Windows\system32\drivers
11:35:41.388    Service scanning
11:35:54.421    Modules scanning
11:36:07.245    Disk 0 trace - called modules:
11:36:07.257    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
11:36:07.263    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8542e5f8]
11:36:07.268    3 CLASSPNP.SYS[8827659e] -> nt!IofCallDriver -> [0x8534c918]
11:36:07.273    5 ACPI.sys[87a463d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x85366908]
11:36:07.280    Scan finished successfully
11:37:40.469    Disk 0 MBR has been saved successfully to "C:\Users\samir\Desktop\MBR.dat"
11:37:40.478    The log file has been saved successfully to "C:\Users\samir\Desktop\aswMBR.txt"

 

Attached File: MBR.zip (595 bytes)


#5 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 April 2014 - 11:18 AM

Please do the following:

Download the attached fixlist.txt file and save it to the Downloads\Programs folder, as that is where FRST is saved.

Attached File: FixList.txt (2.32KB)

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Spike91

  • Topic Starter

Posted 12 April 2014 - 04:24 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by samir at 2014-04-12 22:14:20 Run:1
Running from C:\Users\samir\Downloads\Programs
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
AppInit_DLLs: C:\PROGRA~1\BROWSE~1\SAFETY~1\SAFETY~2.DLL => C:\PROGRA~1\BROWSE~1\SAFETY~1\SAFETY~2.DLL File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\browser tab search by ask\safetynut\x64\safetycrt.dll
2014-03-29 03:14 - 2014-03-29 03:14 - 00000264 ____T () C:\Windows\system32\ashBA03.tmp
2014-03-22 11:49 - 2014-03-22 11:49 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-03-22 11:49 - 2014-03-22 11:49 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-03-22 11:49 - 2014-03-22 11:49 - 00000000 ____D () C:\ProgramData\BitGuard
C:\Users\samir\AppData\Local\Temp\avgnt.exe
C:\Users\samir\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\samir\AppData\Local\Temp\Delta.exe
C:\Users\samir\AppData\Local\Temp\DeltaTB.exe
C:\Users\samir\AppData\Local\Temp\MybabylonTB.exe
C:\Users\samir\AppData\Local\Temp\utt6C3E.tmp.exe
C:\Users\samir\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\samir\AppData\Local\Temp\WSSetup.exe
end

*****************

"C:\\PROGRA~1\\BROWSE~1\\SAFETY~1\\SAFETY~2.DLL" => Value Data removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value deleted successfully.
C:\Windows\system32\ashBA03.tmp => Moved successfully.
C:\ProgramData\BrowserProtect => Moved successfully.
C:\ProgramData\Browser Manager => Moved successfully.
C:\ProgramData\BitGuard => Moved successfully.
C:\Users\samir\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\samir\AppData\Local\Temp\BundleSweetIMSetup.exe => Moved successfully.
C:\Users\samir\AppData\Local\Temp\Delta.exe => Moved successfully.
C:\Users\samir\AppData\Local\Temp\DeltaTB.exe => Moved successfully.
C:\Users\samir\AppData\Local\Temp\MybabylonTB.exe => Moved successfully.
C:\Users\samir\AppData\Local\Temp\utt6C3E.tmp.exe => Moved successfully.
C:\Users\samir\AppData\Local\Temp\vlc-2.1.3-win32.exe => Moved successfully.
C:\Users\samir\AppData\Local\Temp\WSSetup.exe => Moved successfully.

==== End of Fixlog ====



#7 CatByte


Posted 12 April 2014 - 04:26 PM

Looks better.

Please run the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location: Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.
    Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run, please just reboot and that will resolve that error.




#8 Spike91

  • Topic Starter

Posted 16 April 2014 - 09:10 AM

Sorry for the delay.


ComboFix 14-04-12.01 - samir 15/04/2014  16:40:18.1.2 - x86
Microsoft Windows 7 Professionnel   6.1.7601.1.1252.33.1036.18.1014.152 [GMT 2:00]
Lancé depuis: c:\users\samir\Downloads\Programs\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1394128625.1624.bin
c:\programdata\1394128625.1696.bin
c:\programdata\1394128625.3616.bin
c:\programdata\1394128625.4404.bin
c:\programdata\1394128625.4880.bin
c:\programdata\1394128625.4972.bin
c:\programdata\1394128625.5004.bin
c:\programdata\1394128625.5080.bin
c:\programdata\1394128625.5248.bin
c:\programdata\1394128625.5464.bin
c:\programdata\1394128625.600.bin
c:\programdata\1394128625.736.bin
c:\programdata\1394148663.2012.bin
c:\programdata\1394148663.2464.bin
c:\programdata\1394148663.2796.bin
c:\programdata\1394148663.3544.bin
c:\programdata\1394148663.3972.bin
c:\programdata\1394149236.bdinstall.bin
c:\programdata\1394174233.bdinstall.bin
c:\programdata\1394179075.bdinstall.bin
c:\programdata\1394179295.bdinstall.bin
c:\programdata\1396625717.bdinstall.bin
c:\programdata\1396630411.bdinstall.bin
c:\windows\system32\cmd.ico
c:\windows\system32\lake.scr
c:\windows\system32\s.ico
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2014-03-15 au 2014-04-15  ))))))))))))))))))))))))))))))))))))
.
.
2014-04-15 14:46 . 2014-04-15 14:46    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-09 16:01 . 2014-04-12 20:14    --------    d-----w-    C:\FRST
2014-04-07 07:44 . 2014-04-07 07:44    --------    d-----w-    c:\users\samir\AppData\Roaming\Gadwin
2014-04-07 07:44 . 2014-04-07 07:44    --------    d-----w-    c:\users\samir\AppData\Local\Gadwin
2014-04-07 07:44 . 2014-04-07 07:44    --------    d-----w-    c:\program files\Gadwin
2014-04-06 11:20 . 2014-04-06 11:20    --------    d-----w-    c:\users\samir\AppData\Roaming\PhotoDentelle
2014-04-06 11:18 . 2014-04-06 11:18    --------    d-----w-    c:\users\samir\AppData\Local\Adobe
2014-04-05 22:52 . 2014-04-07 09:23    --------    d-----w-    C:\Downloads
2014-04-05 22:51 . 2014-04-07 09:23    --------    d-----w-    c:\users\samir\AppData\Roaming\BitComet
2014-04-05 18:45 . 2014-04-05 18:45    --------    d-----w-    c:\program files\GtkSharp
2014-04-05 18:44 . 2014-04-05 18:44    --------    d-----w-    c:\program files\Kepard
2014-04-05 09:09 . 2014-04-05 09:09    --------    d-----w-    c:\users\samir\AppData\Roaming\Avira
2014-04-05 09:07 . 2013-12-13 13:20    69240    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2014-04-05 09:07 . 2013-12-13 13:20    90400    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2014-04-05 09:07 . 2013-12-13 13:20    37352    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2014-04-05 09:07 . 2013-12-13 13:20    135648    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2014-04-05 09:07 . 2014-04-05 09:07    --------    d-----w-    c:\programdata\Avira
2014-04-05 09:07 . 2014-04-05 09:07    --------    d-----w-    c:\program files\Avira
2014-04-05 08:39 . 2014-04-05 08:39    52928    ----a-w-    c:\windows\system32\drivers\wStLib.sys
2014-04-04 23:02 . 2014-04-05 09:36    --------    d-----w-    c:\program files\Runtime Software
2014-04-04 22:55 . 2014-04-05 09:35    --------    d-----w-    c:\program files\InstallShield Installation Information
2014-04-04 22:55 . 2014-04-04 22:55    --------    d-----w-    c:\program files\Ontrack
2014-04-04 22:55 . 2014-04-04 22:55    --------    d-----w-    c:\program files\Common Files\InstallShield
2014-04-02 09:40 . 2014-04-02 09:40    --------    d-----w-    c:\users\samir\AppData\Local\Ahead
2014-04-02 09:37 . 2004-03-02 15:37    125184    ------w-    c:\windows\system32\drivers\imagesrv.sys
2014-04-02 09:37 . 2004-03-02 15:37    5504    ------w-    c:\windows\system32\drivers\imagedrv.sys
2014-04-02 09:37 . 2000-06-26 09:45    106496    ----a-w-    c:\windows\system32\TwnLib20.dll
2014-04-02 09:37 . 2001-07-09 09:50    155648    ----a-w-    c:\windows\system32\NeroCheck.exe
2014-04-02 09:37 . 2014-04-02 09:37    --------    d-----w-    c:\program files\Common Files\Ahead
2014-04-02 09:37 . 2014-04-02 09:37    --------    d-----w-    c:\program files\Ahead
2014-04-02 09:29 . 2002-07-17 13:20    84832    ----a-w-    c:\windows\system32\drivers\ASPI32.SYS
2014-04-02 09:24 . 2009-09-04 01:36    299008    ----a-w-    c:\windows\system32\TubeFinder.exe
2014-04-02 09:24 . 2009-06-19 17:51    364544    ----a-w-    c:\windows\system32\PropertyGrid.ocx
2014-04-02 09:24 . 2009-06-19 17:51    119568    ----a-w-    c:\windows\system32\VB6FR.DLL
2014-04-02 09:24 . 2009-06-19 17:51    101888    ----a-w-    c:\windows\system32\VB6STKIT.DLL
2014-04-02 09:24 . 2009-06-19 17:51    9728    ----a-w-    c:\windows\system32\PCCLPFR.DLL
2014-04-02 09:24 . 2009-06-19 17:51    84512    ----a-w-    c:\windows\system32\PICCLP32.OCX
2014-04-02 09:24 . 2009-06-19 17:51    24576    ----a-w-    c:\windows\system32\ControlSubX.ocx
2014-04-02 09:24 . 2009-06-19 17:51    141312    ----a-w-    c:\windows\system32\MSCMCFR.DLL
2014-04-02 09:24 . 2009-06-19 17:51    32768    ----a-w-    c:\windows\system32\CMDLGFR.DLL
2014-04-02 09:24 . 2009-06-19 17:51    152848    ----a-w-    c:\windows\system32\COMDLG32.OCX
2014-04-01 09:58 . 2014-04-01 10:32    --------    d-----w-    c:\users\samir\AppData\Roaming\PhotoFiltre Studio X
2014-04-01 09:57 . 2014-04-01 09:58    --------    d-----w-    c:\program files\PhotoFiltre Studio X
2014-04-01 08:55 . 2014-04-01 08:56    --------    d-----w-    c:\users\samir\AppData\Roaming\Nero
2014-04-01 08:51 . 2014-04-03 12:31    --------    d-----w-    c:\programdata\Nero
2014-03-26 16:27 . 2014-04-13 18:35    --------    d-----w-    c:\users\samir\AppData\Roaming\IDM
2014-03-26 16:27 . 2014-03-26 16:27    --------    d-----w-    c:\program files\Internet Download Manager
2014-03-25 15:21 . 2014-03-25 15:21    --------    d-----w-    c:\users\samir\AppData\Local\ElevatedDiagnostics
2014-03-24 13:33 . 2014-03-24 13:33    --------    d-----w-    c:\program files\Microsoft Synchronization Services
2014-03-24 13:32 . 2014-03-24 13:32    --------    d-----w-    c:\windows\PCHEALTH
2014-03-24 13:32 . 2014-03-24 13:32    --------    d-----w-    c:\program files\Microsoft.NET
2014-03-24 13:32 . 2014-03-24 13:32    --------    d-----w-    c:\program files\Microsoft Sync Framework
2014-03-24 13:32 . 2014-03-24 13:32    --------    d-----w-    c:\program files\Microsoft SQL Server Compact Edition
2014-03-24 13:30 . 2014-03-24 13:39    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2014-03-24 13:29 . 2014-03-24 13:29    --------    d-----w-    c:\program files\Microsoft Analysis Services
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-07 08:49 . 2014-03-07 08:49    27168    ----a-w-    c:\windows\system32\bdsandboxuh.dll
2014-03-07 08:20 . 2014-03-07 08:20    74512    ----a-w-    c:\windows\system32\bdsandboxuiskin.dll
2014-02-20 23:10 . 2014-02-20 23:10    745472    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-02-20 23:10 . 2014-02-20 23:10    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-02-20 23:10 . 2014-02-20 23:10    523264    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-20 23:10 . 2014-02-20 23:10    38400    ----a-w-    c:\windows\system32\imgutil.dll
2014-02-20 23:10 . 2014-02-20 23:10    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2014-02-20 23:10 . 2014-02-20 23:10    185344    ----a-w-    c:\windows\system32\elshyph.dll
2014-02-20 23:10 . 2014-02-20 23:10    1767936    ----a-w-    c:\windows\system32\wininet.dll
2014-02-20 23:10 . 2014-02-20 23:10    158720    ----a-w-    c:\windows\system32\msls31.dll
2014-02-20 23:10 . 2014-02-20 23:10    150528    ----a-w-    c:\windows\system32\iexpress.exe
2014-02-20 23:10 . 2014-02-20 23:10    138752    ----a-w-    c:\windows\system32\wextract.exe
2014-02-20 23:10 . 2014-02-20 23:10    137216    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-02-20 23:10 . 2014-02-20 23:10    12800    ----a-w-    c:\windows\system32\mshta.exe
2014-02-20 23:10 . 2014-02-20 23:10    73728    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-02-20 23:10 . 2014-02-20 23:10    719360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-02-20 23:10 . 2014-02-20 23:10    61952    ----a-w-    c:\windows\system32\tdc.ocx
2014-02-20 23:10 . 2014-02-20 23:10    61440    ----a-w-    c:\windows\system32\iesetup.dll
2014-02-20 23:10 . 2014-02-20 23:10    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-02-20 23:10 . 2014-02-20 23:10    361984    ----a-w-    c:\windows\system32\html.iec
2014-02-20 23:10 . 2014-02-20 23:10    2877952    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-20 23:10 . 2014-02-20 23:10    23040    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-20 23:10 . 2014-02-20 23:10    1441280    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-20 23:10 . 2014-02-20 23:10    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-02-20 23:10 . 2014-02-20 23:10    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2014-02-20 23:06 . 2014-02-20 23:06    49152    ----a-w-    c:\windows\system32\taskhost.exe
2014-02-20 23:05 . 2014-02-20 23:05    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-02-20 23:05 . 2014-02-20 23:05    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-02-20 23:04 . 2014-02-20 23:04    906240    ----a-w-    c:\windows\system32\FntCache.dll
2014-02-20 23:04 . 2014-02-20 23:04    604160    ----a-w-    c:\windows\system32\d3d10level9.dll
2014-02-20 23:04 . 2014-02-20 23:04    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2014-02-20 23:04 . 2014-02-20 23:04    364544    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-02-20 23:04 . 2014-02-20 23:04    3419136    ----a-w-    c:\windows\system32\d2d1.dll
2014-02-20 23:04 . 2014-02-20 23:04    293376    ----a-w-    c:\windows\system32\dxgi.dll
2014-02-20 23:04 . 2014-02-20 23:04    249856    ----a-w-    c:\windows\system32\d3d10_1core.dll
2014-02-20 23:04 . 2014-02-20 23:04    2284544    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-02-20 23:04 . 2014-02-20 23:04    220160    ----a-w-    c:\windows\system32\d3d10core.dll
2014-02-20 23:04 . 2014-02-20 23:04    207872    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2014-02-20 23:04 . 2014-02-20 23:04    1988096    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-02-20 23:04 . 2014-02-20 23:04    187392    ----a-w-    c:\windows\system32\UIAnimation.dll
2014-02-20 23:04 . 2014-02-20 23:04    161792    ----a-w-    c:\windows\system32\d3d10_1.dll
2014-02-20 23:04 . 2014-02-20 23:04    1247744    ----a-w-    c:\windows\system32\DWrite.dll
2014-02-20 23:04 . 2014-02-20 23:04    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-02-20 23:04 . 2014-02-20 23:04    1158144    ----a-w-    c:\windows\system32\XpsPrint.dll
2014-02-20 23:04 . 2014-02-20 23:04    1080832    ----a-w-    c:\windows\system32\d3d10.dll
2014-02-20 23:03 . 2014-02-20 23:03    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-02-20 14:50 . 2014-02-20 14:50    899184    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-02-20 14:40 . 2014-02-20 14:40    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-02-20 14:40 . 2014-02-20 14:40    639312    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-02-20 07:08 . 2014-02-20 07:08    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 07:08 . 2014-02-20 07:08    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-17 00:32 . 2014-03-06 02:49    7947048    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC1AA9C8-CE33-40A0-AB23-E33314D7FC80}\mpengine.dll
2014-01-27 08:58 . 2014-02-20 23:14    231584    ------w-    c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-02-08 . DF0A0DDC4F4B6974805AA14C94D2804F . 2723328 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[-] 2012-02-08 . ED4B3A206DCAC8E4071DD427F5C6AE99 . 2723328 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2012-02-08 . C7BF9033DB886B1776C339193620FD27 . 2723328 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[-] 2012-02-08 . 653175E41C29D547C790A0AC67E8F7F0 . 2723328 . . [6.1.7600.16385] . . c:\windows\explorer.exe
.
[-] 2012-01-08 . 447622A80C2A3E40F6D2DCF16C63069B . 599040 . . [6.1.7600.16385] . . c:\windows\regedit.exe
[-] 2012-01-08 . 447622A80C2A3E40F6D2DCF16C63069B . 599040 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    21904    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-03-26 3821136]
"uTorrent"="c:\users\samir\AppData\Roaming\uTorrent\uTorrent.exe" [2014-04-05 1264984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-04-05 689744]
"Kepard"="c:\program files\Kepard\Kepard.exe" [2013-12-14 746496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series]
2006-09-21 03:01    139264    ----a-w-    c:\windows\System32\spool\drivers\w32x86\3\E_FATIBEE.EXE
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2014-02-20 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-13 37352]
S1 wStLib;wStLib;c:\windows\system32\drivers\wStLib.sys [2014-04-05 52928]
S2 AntiVirMailService;Avira Protection e-mail;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2014-04-05 910416]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-04-05 440400]
S2 AntiVirWebService;Avira Protection Web;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-04-05 1017424]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-12-13 69240]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-11-28 108000]
S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: &Envoyer à OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 142.91.92.120 8.8.8.8
FF - ProfilePath - c:\users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\tqm6lrqi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
HKU-Default-Run-Bitdefender Wallet Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
HKU-Default-Run-Bitdefender Wallet - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
HKU-Default-Run-Bitdefender Agent de l'application Wallet - c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe
MSConfigStartUp-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-4246969510-2668884010-4153552468-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1C35BA6-81AA-8E74-E527-0B5C3DAF4243}*]
"maajkehckikkhififdbadblmhh"=hex:69,61,68,6c,69,6f,70,62,6f,65,6a,67,6f,61,68,
   62,67,62,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2014-04-15  16:53:04 - La machine a redémarré
ComboFix-quarantined-files.txt  2014-04-15 14:53
.
Avant-CF: 28 329 820 160 octets libres
Après-CF: 28 652 687 360 octets libres
.
- - End Of File - - F045ADBFF709FAAE4DFCD51B8D24C74F
A36C5E4F47E84449FF07ED3517B43A31
 



#9 Spike91 (Topic Starter)

Posted 16 April 2014 - 09:18 AM

I have remarked that after the installation of ComboFix many folders like $RECYCLE.BIN appeared in my partitions. Is it normal?



#10 CatByte (Malware Response Team)

Posted 16 April 2014 - 11:15 AM

Normally those files are hidden files, so it is normal.

Click the start orb > type "folder options" (without the quotes) into the search box > click on the folder options folder that appears in the window above > click on the view tab > click "restore defaults" > click OK

NEXT

Please do the following:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

Please advise how the computer is running now and if there are any outstanding issues.


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
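The "restore defaults" step above undoes what a cleanup tool does when it makes hidden and protected system folders such as $RECYCLE.BIN visible. As an added example (not part of this thread and not code from any of the tools mentioned), the PowerShell below reads the two Explorer view settings involved, shows whether the recycle-bin folder still carries its Hidden and System attributes, and can put the view back to the defaults. Assumptions: that the `Hidden` and `ShowSuperHidden` values under `HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced` back the "Show hidden files" and "Hide protected operating system files" options, and that the folder sits at the volume root; the function names are made up for this example.

```powershell
# Added example, not from the thread or from ComboFix/JRT/AdwCleaner.
# Assumption: these two DWORD values back the Folder Options view checkboxes
# that "Restore defaults" resets.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-HiddenFileView {
    $p = Get-ItemProperty -Path $advanced
    [pscustomobject]@{
        # Hidden: 1 = show hidden files and folders, 2 = do not show (default)
        ShowsHiddenFiles      = ($p.Hidden -eq 1)
        # ShowSuperHidden: 1 = show protected OS files, 0 = hide them (default)
        ShowsProtectedOSFiles = ($p.ShowSuperHidden -eq 1)
    }
}

function Test-RecycleBinAttributes([string]$Root = 'C:\') {
    # $RECYCLE.BIN is expected to be Hidden + System; if either flag is gone,
    # the folder will show even with default view settings.
    $rb = Get-Item -LiteralPath (Join-Path $Root '$RECYCLE.BIN') -Force
    [pscustomobject]@{
        Path            = $rb.FullName
        Attributes      = $rb.Attributes
        HiddenAndSystem = ((($rb.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
                           (($rb.Attributes -band [IO.FileAttributes]::System) -ne 0))
    }
}

function Reset-HiddenFileView {
    # Same effect as Folder Options > View > Restore defaults for these two options.
    Set-ItemProperty -Path $advanced -Name Hidden -Value 2 -Type DWord
    Set-ItemProperty -Path $advanced -Name ShowSuperHidden -Value 0 -Type DWord
    # Explorer reads the values at startup, so restart it to apply the change.
    Stop-Process -Name explorer -Force
    Start-Process explorer.exe
}

$view = Get-HiddenFileView
$view
Test-RecycleBinAttributes -Root 'C:\'
if ($view.ShowsHiddenFiles -or $view.ShowsProtectedOSFiles) {
    Write-Host 'Explorer is showing hidden and/or protected OS files; run Reset-HiddenFileView to return to the defaults.'
}
```

If `HiddenAndSystem` comes back `$true` while the folders are visible, the view setting is the cause and the reset above is all that is needed; if it is `$false`, the attributes themselves were stripped, which is a different problem from the one described in the post.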


#11 Spike91 (Topic Starter)

Posted 19 April 2014 - 05:04 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by samir on 20/04/2014 at  0:01:31,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\samir\AppData\Roaming\newnext.me"
Successfully deleted: [Folder] "C:\Users\samir\Local Settings\Application Data\genienext"
Successfully deleted: [Folder] "C:\Users\samir\Local Settings\Application Data\mobogenie"



~~~ FireFox

Successfully deleted: [File] C:\Users\samir\AppData\Roaming\mozilla\firefox\profiles\tqm6lrqi.default\user.js
Successfully deleted the following from C:\Users\samir\AppData\Roaming\mozilla\firefox\profiles\tqm6lrqi.default\prefs.js

user_pref("extensions.TBPLATFORM_NS_PH.searchconf", "{\n  \"google\" : {\n     \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n     \"rankomet
Emptied folder: C:\Users\samir\AppData\Roaming\mozilla\firefox\profiles\tqm6lrqi.default\minidumps [20 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/04/2014 at  0:03:53,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#12 Spike91 (Topic Starter)

Posted 19 April 2014 - 05:14 PM

# AdwCleaner v3.023 - Rapport créé le 20/04/2014 à 00:07:04
# Mis à jour le 01/04/2014 par Xplode
# Système d'exploitation : Windows 7 Professional Service Pack 1 (32 bits)
# Nom d'utilisateur : samir - SAMIR-PC
# Exécuté depuis : C:\Users\samir\Downloads\Programs\AdwCleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Users\samir\Documents\Mobogenie
Fichier Supprimé : C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\tqm6lrqi.default\Extensions\toolbar-tbplatform@alexa.com.xpi

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Clé Supprimée : HKLM\Software\SafetyNut

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Mozilla Firefox v28.0 (fr)

[ Fichier : C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\tqm6lrqi.default\prefs.js ]


-\\ Google Chrome v

[ Fichier : C:\Users\samir\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1590 octets] - [20/04/2014 00:05:28]
AdwCleaner[S0].txt - [1521 octets] - [20/04/2014 00:07:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1581 octets] ##########
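The JRT log above and this AdwCleaner log both list registry keys they report as deleted. As an added example (not part of this thread and not code from JRT or AdwCleaner), the PowerShell below extracts those keys from either log format and checks whether any of them has come back, which is the check to run after the reboot before declaring the cleanup finished. The sample lines are copied from the two logs in this thread; the line formats are assumed from what those logs show (JRT's "Successfully deleted: [Registry Key] ..." and the French AdwCleaner build's "Clé Supprimée : ..."), and the function names are made up for this example.

```powershell
# Added example, not from the thread or from JRT/AdwCleaner.
# Constructed sample: lines copied from the JRT and AdwCleaner logs posted above.
$sampleLog = @'
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Clé Supprimée : HKLM\Software\SafetyNut
Dossier Supprimé : C:\Users\samir\Documents\Mobogenie
'@ -split "`r?`n"

# AdwCleaner writes short hive names; JRT writes the long form. Normalise to long.
$hiveMap = @{
    'HKLM' = 'HKEY_LOCAL_MACHINE'
    'HKCU' = 'HKEY_CURRENT_USER'
    'HKCR' = 'HKEY_CLASSES_ROOT'
    'HKU'  = 'HKEY_USERS'
}

function Get-DeletedRegistryKeys([string[]]$Lines) {
    foreach ($line in $Lines) {
        # Assumed formats: JRT "Successfully deleted: [Registry Key] <key>"
        #                  AdwCleaner (fr) "Clé Supprimée : <key>"
        if ($line -match '^(?:Successfully deleted: \[Registry Key\]|Clé Supprimée :)\s*(.+?)\s*$') {
            $key = $Matches[1]
            $hive, $rest = $key -split '\\', 2
            if ($hiveMap.ContainsKey($hive)) { $key = "$($hiveMap[$hive])\$rest" }
            $key
        }
    }
}

function Test-CleanupLog([string[]]$Lines) {
    # Registry:: provider path accepts the long hive names directly.
    foreach ($key in Get-DeletedRegistryKeys $Lines) {
        [pscustomobject]@{
            Key         = $key
            StillExists = (Test-Path -LiteralPath "Registry::$key")
        }
    }
}

# Against the constructed sample; on the affected machine use the real logs, e.g.:
#   Test-CleanupLog (Get-Content "$env:USERPROFILE\Desktop\JRT.txt")
#   Test-CleanupLog (Get-Content 'C:\AdwCleaner\AdwCleaner[S0].txt')
Test-CleanupLog $sampleLog | Format-Table -AutoSize
```

Any row with `StillExists` equal to `$true` after the reboot means the key was recreated, which is the kind of leftover the follow-up scans in the next posts are meant to catch. File and folder lines are ignored by the regex on purpose; they can be checked the same way with `Test-Path` on the plain path.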
 



#13 Spike91 (Topic Starter)

Posted 19 April 2014 - 05:46 PM

I have noticed that since some operations my computer is running faster than before and is more stable. I want to know if I can repeat all those operations if my computer runs slowly in the future?

After all of this, I would like to thank you for your time and consideration for my case. :)



#14 CatByte (Malware Response Team)

Posted 19 April 2014 - 07:07 PM

We need to do one last sweep for any leftovers. I'm glad to hear things are running well now.

Please do the following:

Please download Malwarebytes Anti-Malware

  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, if it shows a screen that says "Threats found!", then click "List of found threats" button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Edited by CatByte, 19 April 2014 - 07:07 PM.



#15 Spike91 (Topic Starter)

Posted 20 April 2014 - 03:06 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/04/2014
Scan Time: 08:54:08
Logfile: ssssssssssssssssss.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.20.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: samir

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 193763
Time Elapsed: 4 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)





