AnyWhereAccess virus/malware


This topic is locked
15 replies to this topic

#1 cedlr

cedlr

  • Members
  • 17 posts

Posted 13 March 2015 - 02:57 PM

Hello all,

 

I have an annoying popup that seems to be a virus. I've tried many virus cleaners like AdwCleaner, ZHPCleaner, Malwarebytes ... and I keep getting that program that tries to install itself on my computer .... Of course I cancel that thing; I know that it is probably a virus ...

 

I googled the name of that annoying thing and found your forum with its experts (http://www.bleepingcomputer.com/forums/t/568359/infected-with-something-google-keeps-redirecting/)! Could you help me get rid of that crap? Many thanks in advance,

 

PS: my English is probably bad because I'm French! :-)


Edited by cedlr, 13 March 2015 - 02:59 PM.



#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 13 March 2015 - 04:26 PM

Hello cedlr and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here.

Thanks
---------------------------------------------------------------------------------------------------------
Let's check out the system.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
:hello:
 
Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 13 March 2015 - 05:14 PM

Hi cedlr,
 

C:\Windows\AutoKMS

AutoKMS is a crack for Microsoft Office. Basically it means you have a pirated copy of Office and I will not be able to continue helping unless the crack is removed. Whether it was the source of the infection I can't say, as I don't know where the file came from.
------------------------------------------------------
Going over your logs I noticed that you have µTorrent and BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent and BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
µTorrent
BitTorrent
------------------------------------------------------------------------------------------------------------------------------------
 
Please go to Start, click Control Panel, click Programs and then click Programs and Features, and uninstall the following if they still exist:
Zero G Registry
AnyWhereAccess
--------------------------------------------
Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




 


 


#4 cedlr

cedlr
  • Topic Starter

  • Members
  • 17 posts

Posted 13 March 2015 - 05:33 PM

Hi,

 

First of all, thank you a lot for your help!

 

Here are the logs after running the two programs you suggested to me! It looks like no malicious programs are here anymore; I must wait to see if that annoying thing pops up again! :-)

 

 

FIXLOGS

---------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Cédric at 2015-03-13 23:20:53 Run:1
Running from D:\Utilisateurs\Cédric\Téléchargements
Loaded Profiles: Cédric (Available profiles: Cédric)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
 C:\Windows\AutoKMS
HKLM-x32\...\Run: [] => [X]
C:\Users\Cédric\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF\jnsb5E92.tmp
C:\Users\Cédric\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF\nsd73B8.tmp
Task: C:\Windows\Tasks\LE.job => C:\Users\Cýÿdric\AppData\Roaming\LE.exe <==== ATTENTION
Task: C:\Windows\Tasks\TWFISYZ.job => C:\Users\Cýÿdric\AppData\Roaming\TWFISYZ.exe <==== ATTENTION
2015-03-09 19:40 - 2015-03-09 19:40 - 00140288 _____ () C:\Users\Cédric\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF\nsd73B8.tmp
2015-03-09 19:40 - 2015-03-09 19:40 - 00173056 _____ () C:\Users\Cédric\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF\jnsb5E92.tmp
SearchScopes: HKLM -> {1276E230-01CA-4442-97CC-018A2AE0989B} URL = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {1276E230-01CA-4442-97CC-018A2AE0989B} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF ProfilePath: C:\Users\Cédric\AppData\Roaming\Mozilla\Firefox\Profiles\9bufb590.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Users\Cédric\AppData\Roaming\Mozilla\Firefox\Profiles\9bufb590.default\extensions\NLQUCQ35648598@KRFIE97629948.com [Not Found]
FF Extension: No Name - C:\Users\Cédric\AppData\Roaming\Mozilla\Firefox\Profiles\9bufb590.default\extensions\NLQUCQ35648598@KRFIE97629948.com [Not Found]
FF Extension: No Name - C:\Users\Cédric\AppData\Roaming\Mozilla\Firefox\Profiles\9bufb590.default\extensions\NLQUCQ35648598@KRFIE97629948.com [Not Found]
CHR Extension: (YouTube) - C:\Users\Cédric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-08]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
CustomCLSID: HKU\S-1-5-21-1022465330-1197563098-3211044709-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Cédric\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
R2 donureqe; C:\Users\Cédric\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF\nsd73B8.tmp [140288 2015-03-09] () [File not signed]
R2 jidefoku; C:\Users\Cédric\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF\jnsb5E92.tmp [173056 2015-03-09] () [File not signed]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys
2015-03-09 19:59 - 2015-03-09 19:59 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-03-09 16:32 - 2015-03-09 16:32 - 00000000 ____D () C:\Users\Cédric\AppData\Roaming\Enigma Software Group
2015-03-07 22:51 - 2015-03-09 19:40 - 00000000 ____D () C:\Users\Cédric\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF
2015-03-07 22:51 - 2015-03-07 22:51 - 00001334 _____ () C:\Windows\Tasks\LE.job
2015-03-07 22:50 - 2015-03-07 22:50 - 00001688 _____ () C:\Windows\Tasks\TWFISYZ.job
2015-03-02 09:34 - 2015-03-02 09:34 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-18 12:39 - 2015-02-18 12:39 - 00000000 ____D () C:\ia_a1d3f5c9c4d1_temp
C:\Program Files (x86)\Zero G Registry
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Cédric\AppData\Roaming\LE
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Cédric\AppData\Roaming\TWFISYZ
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
 
 
 
 
 
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Windows\AutoKMS => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"C:\Users\Cédric\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF\jnsb5E92.tmp" => File/Directory not found.
"C:\Users\Cédric\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF\nsd73B8.tmp" => File/Directory not found.
C:\Windows\Tasks\LE.job => Moved successfully.
C:\Windows\Tasks\TWFISYZ.job => Moved successfully.
"C:\Users\Cédric\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF\nsd73B8.tmp" => File/Directory not found.
"C:\Users\Cédric\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF\jnsb5E92.tmp" => File/Directory not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\First Home Page => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1276E230-01CA-4442-97CC-018A2AE0989B}" => Key deleted successfully.
HKCR\CLSID\{1276E230-01CA-4442-97CC-018A2AE0989B} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1276E230-01CA-4442-97CC-018A2AE0989B}" => Key deleted successfully.
HKCR\CLSID\{1276E230-01CA-4442-97CC-018A2AE0989B} => Key not found. 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
FF ProfilePath: C:\Users\Cédric\AppData\Roaming\Mozilla\Firefox\Profiles\9bufb590.default => Should not be moved.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Cédric\AppData\Roaming\Mozilla\Firefox\Profiles\9bufb590.default\extensions\NLQUCQ35648598@KRFIE97629948.com not found.
C:\Users\Cédric\AppData\Roaming\Mozilla\Firefox\Profiles\9bufb590.default\extensions\NLQUCQ35648598@KRFIE97629948.com not found.
C:\Users\Cédric\AppData\Roaming\Mozilla\Firefox\Profiles\9bufb590.default\extensions\NLQUCQ35648598@KRFIE97629948.com not found.
C:\Users\Cédric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => Moved successfully.
EagleX64 => Service deleted successfully.
"HKU\S-1-5-21-1022465330-1197563098-3211044709-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
donureqe => Service deleted successfully.
jidefoku => Service deleted successfully.
RimUsb => Service deleted successfully.
C:\Program Files\Adware-Removal-Tool => Moved successfully.
C:\Users\Cédric\AppData\Roaming\Enigma Software Group => Moved successfully.
C:\Users\Cédric\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF => Moved successfully.
"C:\Windows\Tasks\LE.job" => File/Directory not found.
"C:\Windows\Tasks\TWFISYZ.job" => File/Directory not found.
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => Moved successfully.
C:\ia_a1d3f5c9c4d1_temp => Moved successfully.
C:\Program Files (x86)\Zero G Registry => Moved successfully.
C:\Users\Cédric\AppData\Roaming\LE => Moved successfully.
C:\Users\Cédric\AppData\Roaming\TWFISYZ => Moved successfully.
 
=========  ipconfig /flushdns =========
 
 
Configuration IP de Windows
 
Cache de résolution DNS vidé.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Le catalogue Winsock a été réinitialisé correctement.
Vous devez redémarrer l'ordinateur afin de finaliser la réinitialisation.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Réinitialisation de Général, OK !
Réinitialisation de Interface, OK !
Redémarrez l'ordinateur pour terminer cette action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Réinitialisation de Général, OK !
Réinitialisation de Interface, OK !
Redémarrez l'ordinateur pour terminer cette action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 463.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 23:20:58 ====

 

ADWCLEAN

---------------------------------------------

# AdwCleaner v4.112 - Rapport créé le 13/03/2015 à 23:24:11
# Mis à jour le 09/03/2015 par Xplode
# Base de données : 2015-03-05.1 [Serveur]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (x64)
# Nom d'utilisateur : Cédric - PC-DE-CEDRIC
# Exécuté depuis : D:\Utilisateurs\Cédric\Bureau\adwcleaner_4.112.exe
# Option : Nettoyer
 
***** [ Services ] *****
 
 
***** [ Fichiers / Dossiers ] *****
 
 
***** [ Tâches planifiées ] *****
 
 
***** [ Raccourcis ] *****
 
 
***** [ Registre ] *****
 
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
 
***** [ Navigateurs ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v12.0 (fr)
 
 
-\\ Google Chrome v41.0.2272.89
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R10].txt - [2409 octets] - [08/03/2015 00:03:44]
AdwCleaner[R11].txt - [1976 octets] - [08/03/2015 18:43:31]
AdwCleaner[R12].txt - [2015 octets] - [13/03/2015 19:41:39]
AdwCleaner[R13].txt - [2149 octets] - [13/03/2015 23:23:22]
AdwCleaner[R2].txt - [2650 octets] - [28/07/2014 18:45:20]
AdwCleaner[R3].txt - [1114 octets] - [10/08/2014 09:06:10]
AdwCleaner[R4].txt - [3422 octets] - [24/08/2014 17:25:56]
AdwCleaner[R5].txt - [1740 octets] - [24/08/2014 17:42:04]
AdwCleaner[R6].txt - [1477 octets] - [16/11/2014 14:27:15]
AdwCleaner[R7].txt - [1858 octets] - [21/12/2014 15:24:58]
AdwCleaner[R8].txt - [19628 octets] - [07/03/2015 22:55:07]
AdwCleaner[R9].txt - [2167 octets] - [07/03/2015 22:59:20]
AdwCleaner[S10].txt - [1533 octets] - [13/03/2015 23:24:11]
AdwCleaner[S1].txt - [2679 octets] - [28/07/2014 18:46:30]
AdwCleaner[S2].txt - [3206 octets] - [24/08/2014 17:26:36]
AdwCleaner[S3].txt - [1805 octets] - [24/08/2014 17:42:48]
AdwCleaner[S4].txt - [1540 octets] - [16/11/2014 14:28:05]
AdwCleaner[S5].txt - [1923 octets] - [21/12/2014 15:25:49]
AdwCleaner[S6].txt - [18650 octets] - [07/03/2015 22:55:52]
AdwCleaner[S7].txt - [2689 octets] - [07/03/2015 23:00:12]
AdwCleaner[S8].txt - [2484 octets] - [08/03/2015 00:05:15]
AdwCleaner[S9].txt - [2042 octets] - [08/03/2015 18:44:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [2135  octets] ##########
 
 
JRT
----------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by C‚dric on 13/03/2015 at 23:26:38,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/03/2015 at 23:28:35,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Edited by cedlr, 13 March 2015 - 05:39 PM.
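The fixlist and Fixlog above show the persistence pattern that was cleaned up: scheduled tasks in C:\Windows\Tasks launching executables from AppData\Roaming, two R2 services loading unsigned .tmp files from a GUID-named Roaming folder, and a driver service (EagleX64) whose file no longer existed. As an added example (not code from the thread, from FRST or from BleepingComputer), the following Python script parses FRST-style task and service lines and flags exactly those characteristics; the list of user-writable directories and the sample lines are constructed for this example, with the user name replaced.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) report lines.

Added example; it is not part of the forum thread and not code from FRST.
It reads lines in the formats that appear in the fixlist above and flags the
persistence entries a responder looks at first: scheduled tasks or services
whose binary lives in a user-writable profile directory, services that load
an unsigned .tmp file, and services whose file no longer exists ([X]).
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Locations a standard user can write to; an assumption of this example.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                 "\\users\\public\\", "\\programdata\\")

# "Task: <job file> => <target> [<==== ATTENTION]"
TASK_RE = re.compile(
    r"^Task:\s+(?P<job>.+?\.job)\s+=>\s+(?P<target>.+?)(?:\s+<====\s*ATTENTION)?\s*$")
# "R2 name; <path> [size date] (company) [File not signed]"  or  "S3 name; <path> [X]"
SVC_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$")


@dataclass
class Finding:
    kind: str                  # "task" or "service"
    name: str                  # job file or service name
    path: str                  # binary the entry launches
    reasons: Tuple[str, ...]   # why it was flagged


def service_path(rest: str) -> str:
    """Extract the binary path from the text after 'name; '."""
    path = rest.split(" [", 1)[0].strip()   # drop the "[size date] () [...]" tail
    if path.startswith("\\??\\"):             # NT object-manager prefix on drivers
        path = path[4:]
    return path


def reasons_for(path: str, rest: str = "") -> Tuple[str, ...]:
    """Why this binary deserves a look; an empty tuple means nothing suspicious."""
    low = path.lower()
    reasons = []
    if any(d in low for d in USER_WRITABLE):
        reasons.append("binary in user-writable directory")
    if low.endswith(".tmp"):
        reasons.append("executable with .tmp extension")
    if "[File not signed]" in rest:
        reasons.append("file not signed")
    if rest.rstrip().endswith("[X]"):
        reasons.append("service points to missing file")
    return tuple(reasons)


def triage(lines) -> List[Finding]:
    """Return the suspicious task and service entries found in FRST lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            r = reasons_for(m["target"])
            if r:
                findings.append(Finding("task", m["job"], m["target"], r))
            continue
        m = SVC_RE.match(line)
        if m:
            path = service_path(m["rest"])
            r = reasons_for(path, m["rest"])
            if r:
                findings.append(Finding("service", m["name"].strip(), path, r))
    return findings


# Constructed sample modelled on the fixlist above (user name replaced).
SAMPLE_LINES = [
    r"Task: C:\Windows\Tasks\LE.job => C:\Users\user\AppData\Roaming\LE.exe <==== ATTENTION",
    r"Task: C:\Windows\Tasks\TWFISYZ.job => C:\Users\user\AppData\Roaming\TWFISYZ.exe <==== ATTENTION",
    r"Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
    r"S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]",
    r"R2 donureqe; C:\Users\user\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF\nsd73B8.tmp [140288 2015-03-09] () [File not signed]",
    r"R2 jidefoku; C:\Users\user\AppData\Roaming\FFFFFFFF-1425765077-FFFF-FFFF-FFFFFFFFFFFF\jnsb5E92.tmp [173056 2015-03-09] () [File not signed]",
    r"S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys",
    r"HKLM-x32\...\Run: [] => [X]",
]


def triage_sample() -> List[Finding]:
    """Run the triage over the constructed sample lines."""
    return triage(SAMPLE_LINES)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.kind:7} {f.name:<32} {f.path}\n        -> {', '.join(f.reasons)}")
```

The benign entries (the Google updater task and the RimUsb driver) produce no reasons and are not reported, which is the point of checking the launch path rather than just the presence of a task or service.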


#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 14 March 2015 - 06:25 AM

Hi cedlr,
 
Step 1:
Scan with Malwarebytes Antimalware:
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:
Please be sure to run our tools with administrator rights.
Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Sincerely



 


 


#6 cedlr

cedlr
  • Topic Starter

  • Members
  • 17 posts

Posted 14 March 2015 - 09:06 AM

Hi and thank you again !
 
Here are the logs you requested; it seems like that annoying popup doesn't act anymore since yesterday!
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 14/03/2015
Scan Time: 13:43:02
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.14.02
Rootkit Database: v2015.02.25.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cédric
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 402826
Time Elapsed: 5 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
 
ComboFix 15-03-14.03 - Cédric 14/03/2015  14:08:16.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.8145.5446 [GMT 1:00]
Lancé depuis: d:\utilisateurs\CÚdric\Bureau\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Adobe\088dac04-6bd2-4e9c-b2e4-a15df9f091e2.dll
c:\users\Cédric\ZHPCleaner.exe
c:\windows\msdownld.tmp
c:\windows\ServiceProfiles\LocalService\~gntus07.tmp
c:\windows\ServiceProfiles\NetworkService\~gntus06.tmp
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2015-02-14 au 2015-03-14  ))))))))))))))))))))))))))))))))))))
.
.
2015-03-14 13:21 . 2015-03-14 13:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-14 13:21 . 2015-03-14 13:21 -------- d-----w- c:\users\Cédric\AppData\Local\temp
2015-03-14 12:42 . 2015-03-14 12:43 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-14 12:42 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-14 12:42 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-14 12:42 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-14 10:27 . 2015-03-14 10:27 -------- d-----w- c:\users\Cédric\AppData\Local\BANDAI NAMCO Games
2015-03-13 19:51 . 2015-03-13 22:21 -------- d-----w- C:\FRST
2015-03-13 09:26 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54199836-75B6-4D22-9100-DD8C0EB27B27}\mpengine.dll
2015-03-12 08:44 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-11 08:26 . 2015-02-24 03:15 293032 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-03-11 08:26 . 2015-02-21 01:16 25021440 ----a-w- c:\windows\system32\mshtml.dll
2015-03-11 08:26 . 2015-02-20 02:47 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-03-11 08:26 . 2015-02-20 02:08 199680 ----a-w- c:\windows\system32\msrating.dll
2015-03-11 08:26 . 2015-02-20 02:08 1016832 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-03-11 08:25 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-11 08:25 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-09 18:59 . 2015-03-13 18:42 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2015-03-09 18:59 . 2015-03-09 18:59 -------- d-----w- c:\program files\Common Files\Microsoft
2015-03-09 18:50 . 2015-03-09 18:55 -------- d-----w- c:\programdata\STOPzilla!
2015-03-09 18:50 . 2015-03-09 18:58 -------- d-----w- c:\program files (x86)\STOPzilla
2015-03-09 17:59 . 2015-03-09 18:41 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2015-03-09 15:32 . 2015-03-09 15:32 -------- d-----w- c:\users\Cédric\Start Menu
2015-03-08 19:34 . 2015-03-08 19:48 -------- d-----w- c:\users\Cédric\AppData\Roaming\BitTorrent
2015-03-08 09:51 . 2015-02-04 21:17 129600 ----a-w- c:\windows\system32\drivers\rzpnk.sys
2015-03-08 09:51 . 2015-02-05 00:24 37184 ----a-w- c:\windows\system32\drivers\rzpmgrk.sys
2015-03-08 09:49 . 2014-04-18 16:02 74432 ----a-w- c:\windows\system32\drivers\RzFilter.sys
2015-03-08 09:49 . 2014-04-18 16:02 129472 ----a-w- c:\windows\system32\drivers\RzDxgk.sys
2015-03-08 09:49 . 2015-03-08 09:49 -------- d-----w- c:\windows\Razer Core
2015-03-07 22:09 . 2015-03-07 22:09 -------- d-----w- c:\programdata\Emsisoft
2015-03-07 22:07 . 2015-03-07 22:49 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2015-03-07 21:52 . 2015-03-07 21:52 -------- d-----w- c:\users\Cédric\AppData\Local\FFFFFFFF-1425768722-FFFF-FFFF-FFFFFFFFFFFF
2015-03-03 20:31 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-03-03 20:31 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-03-03 20:31 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-03-03 20:31 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-03-02 11:42 . 2015-03-02 11:42 82432 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2015-03-02 11:42 . 2015-03-02 11:42 44544 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-03-02 11:42 . 2015-03-02 11:42 1275392 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2015-03-02 08:34 . 2015-03-02 08:34 -------- d-----w- c:\program files\iTunes
2015-03-02 08:34 . 2015-03-02 08:34 -------- d-----w- c:\program files (x86)\iTunes
2015-03-02 08:34 . 2015-03-02 08:34 -------- d-----w- c:\program files\iPod
2015-02-21 15:40 . 2014-09-17 19:16 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4ED7253-0A87-4A52-B673-D528E98CE68D}\gapaengine.dll
2015-02-20 17:24 . 2015-02-20 17:24 -------- d-----w- c:\users\Cédric\AppData\Local\Steam
2015-02-18 11:39 . 2015-02-18 11:39 -------- d-----w- c:\windows\jre
2015-02-17 18:35 . 2015-02-17 18:35 3776184 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\1036\MSOINTL.DLL
2015-02-17 14:26 . 2015-02-17 14:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-11 11:21 . 2012-02-16 08:05 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-03 13:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-03-02 11:42 . 2015-03-02 11:42 82432 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2015-03-02 11:42 . 2015-03-02 11:42 82432 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2015-03-02 11:42 . 2015-03-02 11:42 44544 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-03-02 11:42 . 2015-03-02 11:42 44544 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-03-02 11:42 . 2015-03-02 11:42 1275392 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2015-03-02 11:42 . 2015-03-02 11:42 1275392 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2015-02-12 07:55 . 2015-02-12 07:55 9728 ----a-w- c:\windows\SysWow64\RzStats.IPC.dll
2015-02-06 11:26 . 2014-02-25 14:36 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-06 11:26 . 2014-02-25 14:36 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 21:01 . 2015-02-10 09:57 74056 ----a-w- c:\windows\system32\OpenCL.dll
2015-02-05 21:01 . 2015-02-10 09:57 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-02-05 21:01 . 2015-02-10 09:56 995248 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-02-05 21:01 . 2015-02-10 09:56 877816 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-02-05 21:01 . 2015-02-10 09:56 353224 ----a-w- c:\windows\system32\nvoglshim64.dll
2015-02-05 21:01 . 2015-02-10 09:56 32106640 ----a-w- c:\windows\system32\nvoglv64.dll
2015-02-05 21:01 . 2015-02-10 09:56 30536 ----a-w- c:\windows\system32\nvhdap64.dll
2015-02-05 21:01 . 2015-02-10 09:56 305136 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2015-02-05 21:01 . 2015-02-10 09:56 24768144 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-02-05 21:01 . 2015-02-10 09:56 195728 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2015-02-05 21:01 . 2015-02-10 09:56 18575880 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-02-05 21:01 . 2015-02-10 09:56 16017040 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-02-05 21:01 . 2015-02-10 09:56 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-02-05 21:01 . 2015-02-10 09:56 13294528 ----a-w- c:\windows\system32\nvopencl.dll
2015-02-05 21:01 . 2015-02-10 09:56 10773704 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-02-05 21:01 . 2015-02-10 09:56 969872 ----a-w- c:\windows\system32\NvIFR64.dll
2015-02-05 21:01 . 2015-02-10 09:56 943760 ----a-w- c:\windows\system32\NvFBC64.dll
2015-02-05 21:01 . 2015-02-10 09:56 929936 ----a-w- c:\windows\SysWow64\NvIFR.dll
2015-02-05 21:01 . 2015-02-10 09:56 908104 ----a-w- c:\windows\SysWow64\NvFBC.dll
2015-02-05 21:01 . 2015-02-10 09:56 3610768 ----a-w- c:\windows\system32\nvcuvid.dll
2015-02-05 21:01 . 2015-02-10 09:56 3299512 ----a-w- c:\windows\system32\nvapi64.dll
2015-02-05 21:01 . 2015-02-10 09:56 3247248 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-02-05 21:01 . 2015-02-10 09:56 2902784 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-02-05 21:01 . 2015-02-10 09:56 25460880 ----a-w- c:\windows\system32\nvcompiler.dll
2015-02-05 21:01 . 2015-02-10 09:56 20466496 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-02-05 21:01 . 2015-02-10 09:56 1895240 ----a-w- c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-10 09:56 177624 ----a-w- c:\windows\system32\nvinitx.dll
2015-02-05 21:01 . 2015-02-10 09:56 17253848 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-02-05 21:01 . 2015-02-10 09:56 164752 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-02-05 21:01 . 2015-02-10 09:56 1557648 ----a-w- c:\windows\system32\nvdispgenco6434752.dll
2015-02-05 21:01 . 2015-02-10 09:56 14119744 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-02-05 21:01 . 2015-02-10 09:56 13208200 ----a-w- c:\windows\system32\nvcuda.dll
2015-02-05 21:01 . 2015-02-10 09:56 10713256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-02-05 21:01 . 2015-02-10 09:56 10284872 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-02-05 19:07 . 2015-02-10 09:57 6861128 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-05 19:07 . 2015-02-10 09:57 3517584 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-05 19:07 . 2015-02-10 09:57 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-05 19:07 . 2015-02-10 09:57 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-02-05 19:07 . 2015-02-10 09:57 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-05 19:06 . 2015-02-10 09:57 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-05 17:57 . 2015-02-10 09:57 621384 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-02-05 12:50 . 2015-02-10 09:57 4236870 ----a-w- c:\windows\system32\nvcoproc.bin
2015-02-04 03:16 . 2015-02-11 08:32 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 08:32 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 08:32 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 08:32 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 08:32 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 08:32 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 08:32 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 08:32 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-16 06:40 . 2015-02-10 10:02 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-01-16 06:40 . 2015-02-10 10:02 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-01-16 06:39 . 2015-02-10 10:02 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-01-16 06:39 . 2015-02-10 10:02 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
2014-12-30 09:36 . 2014-12-30 09:36 33448 ----a-w- c:\windows\system32\drivers\rzkeypadendpt.sys
2014-12-30 09:35 . 2014-12-30 09:35 27816 ----a-w- c:\windows\system32\drivers\rzjstk.sys
2014-12-30 09:35 . 2014-12-30 09:35 177832 ----a-w- c:\windows\system32\drivers\rzudd.sys
2014-12-30 09:28 . 2014-12-30 09:28 990720 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2014-12-30 09:28 . 2014-12-30 09:28 78848 ----a-w- c:\windows\SysWow64\rzvirtualdev.dll
2014-12-30 09:28 . 2014-12-30 09:28 89088 ----a-w- c:\windows\SysWow64\rzdevinfo.dll
2014-12-30 09:28 . 2014-12-30 09:28 155136 ----a-w- c:\windows\SysWow64\rztouchdll.dll
2014-12-30 09:28 . 2014-12-30 09:28 117248 ----a-w- c:\windows\SysWow64\rzdisplaydll.dll
2014-12-30 09:28 . 2014-12-30 09:28 419840 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2014-12-21 13:23 . 2014-12-21 13:23 8716288 ----a-w- c:\users\Cédric\~gntus08.tmp
2014-12-21 13:23 . 2014-12-21 13:23 8716288 ----a-w- c:\users\Cédric\~gntus08.tmp
2014-12-21 13:22 . 2014-12-21 13:22 20160 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-12-19 03:06 . 2015-01-14 08:50 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 08:50 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="d:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2014-12-08 37152]
"GoogleChromeAutoLaunch_9D4B83A9B6B9CF0904575A433DCFD890"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-03-07 809288]
"Steam"="d:\program files\Steam\steam.exe" [2015-02-18 2874048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-02-28 590144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * 
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;d:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;d:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Origin Client Service;Origin Client Service;d:\program files\Origin\OriginClientService.exe;d:\program files\Origin\OriginClientService.exe [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
R3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjoystk.sys [x]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 rzjstk;Razer Virtual Joystick Driver;c:\windows\system32\DRIVERS\rzjstk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjstk.sys [x]
S3 rzkeypadendpt;Razer Keypad Endpoint;c:\windows\system32\DRIVERS\rzkeypadendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzkeypadendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-13 09:38 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-25 11:26]
.
2015-03-14 c:\windows\Tasks\GlaryInitialize 5.job
- d:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-12-08 05:46]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-01 14:52]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-01 14:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-09 7466600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\users\Cédric\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Razer Naga Driver - c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-{CBEC616D-96E1-8751-A268-D51E2F030C27} - c:\progra~3\INSTAL~1\{34F96~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:16,1e,2b,cb,a8,b2,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,d5,c0,49,18,2c,32,43,89,67,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,d5,c0,49,18,2c,32,43,89,67,40,\
.
[HKEY_USERS\S-1-5-21-1022465330-1197563098-3211044709-1001\Software\SecuROM\License information*]
"datasecu"=hex:09,e2,7c,5b,7c,05,23,bf,14,6f,15,79,2e,64,76,21,83,34,4e,fb,87,
   79,46,94,c0,da,44,a2,6e,ff,77,8c,16,58,98,aa,8e,8b,c3,fb,e8,22,eb,c0,bc,45,\
"rkeysecu"=hex:03,7f,96,62,ba,ae,49,c2,6e,54,52,f3,30,4c,ee,d3
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-03-14  14:53:54
ComboFix-quarantined-files.txt  2015-03-14 13:53
.
Avant-CF: 19 876 302 848 octets libres
Après-CF: 19 707 645 952 octets libres
.
- - End Of File - - E99FB1FE681CD728C87ECEB355BBBDDB

#7 olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:29 AM
Posted 14 March 2015 - 06:05 PM

Hi cedlr,

Step 1: Run CFScript

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Download the attached CFScript.txt and save it to the location where ComboFix is saved.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2: Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Have a nice day.

#8 cedlr

  • Topic Starter
  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:29 AM
Posted 15 March 2015 - 05:34 AM

ComboFix 15-03-14.03 - Cédric 15/03/2015   9:53.2.4 - x64
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.8145.5523 [GMT 1:00]
Lancé depuis: d:\utilisateurs\CÚdric\TÚlÚchargements\ComboFix.exe
Commutateurs utilisés :: d:\utilisateurs\CÚdric\TÚlÚchargements\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2015-02-15 au 2015-03-15  ))))))))))))))))))))))))))))))))))))
.
.
2015-03-15 09:05 . 2015-03-15 09:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-15 09:05 . 2015-03-15 09:05 -------- d-----w- c:\users\CIC~1\AppData\Local\temp
2015-03-15 09:05 . 2015-03-15 09:05 -------- d-----w- c:\users\Cédric\AppData\Local\temp
2015-03-15 09:05 . 2015-03-15 09:05 -------- d-----w- c:\users\C‚dric\AppData\Local\temp
2015-03-15 08:48 . 2015-03-15 08:48 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60FA0C30-5E04-4EBE-A705-AED4783CB20C}\offreg.dll
2015-03-14 14:19 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60FA0C30-5E04-4EBE-A705-AED4783CB20C}\mpengine.dll
2015-03-14 14:05 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-14 10:27 . 2015-03-14 10:27 -------- d-----w- c:\users\Cédric\AppData\Local\BANDAI NAMCO Games
2015-03-13 19:51 . 2015-03-13 22:21 -------- d-----w- C:\FRST
2015-03-11 08:26 . 2015-02-24 03:15 293032 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-03-11 08:26 . 2015-02-21 01:16 25021440 ----a-w- c:\windows\system32\mshtml.dll
2015-03-11 08:26 . 2015-02-20 02:47 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-03-11 08:26 . 2015-02-20 02:08 199680 ----a-w- c:\windows\system32\msrating.dll
2015-03-11 08:26 . 2015-02-20 02:08 1016832 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-03-11 08:25 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-11 08:25 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-09 18:59 . 2015-03-13 18:42 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2015-03-09 18:59 . 2015-03-09 18:59 -------- d-----w- c:\program files\Common Files\Microsoft
2015-03-09 18:50 . 2015-03-09 18:55 -------- d-----w- c:\programdata\STOPzilla!
2015-03-09 18:50 . 2015-03-09 18:58 -------- d-----w- c:\program files (x86)\STOPzilla
2015-03-09 17:59 . 2015-03-09 18:41 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2015-03-09 15:32 . 2015-03-09 15:32 -------- d-----w- c:\users\Cédric\Start Menu
2015-03-08 19:34 . 2015-03-08 19:48 -------- d-----w- c:\users\Cédric\AppData\Roaming\BitTorrent
2015-03-08 09:51 . 2015-02-04 21:17 129600 ----a-w- c:\windows\system32\drivers\rzpnk.sys
2015-03-08 09:51 . 2015-02-05 00:24 37184 ----a-w- c:\windows\system32\drivers\rzpmgrk.sys
2015-03-08 09:49 . 2014-04-18 16:02 74432 ----a-w- c:\windows\system32\drivers\RzFilter.sys
2015-03-08 09:49 . 2014-04-18 16:02 129472 ----a-w- c:\windows\system32\drivers\RzDxgk.sys
2015-03-08 09:49 . 2015-03-08 09:49 -------- d-----w- c:\windows\Razer Core
2015-03-07 22:09 . 2015-03-07 22:09 -------- d-----w- c:\programdata\Emsisoft
2015-03-07 22:07 . 2015-03-07 22:49 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2015-03-07 21:52 . 2015-03-07 21:52 -------- d-----w- c:\users\Cédric\AppData\Local\FFFFFFFF-1425768722-FFFF-FFFF-FFFFFFFFFFFF
2015-03-03 20:31 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-03-03 20:31 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-03-03 20:31 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-03-03 20:31 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-03-02 11:42 . 2015-03-02 11:42 82432 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2015-03-02 11:42 . 2015-03-02 11:42 44544 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-03-02 11:42 . 2015-03-02 11:42 1275392 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2015-03-02 08:34 . 2015-03-02 08:34 -------- d-----w- c:\program files\iTunes
2015-03-02 08:34 . 2015-03-02 08:34 -------- d-----w- c:\program files (x86)\iTunes
2015-03-02 08:34 . 2015-03-02 08:34 -------- d-----w- c:\program files\iPod
2015-02-21 15:40 . 2014-09-17 19:16 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4ED7253-0A87-4A52-B673-D528E98CE68D}\gapaengine.dll
2015-02-20 17:24 . 2015-02-20 17:24 -------- d-----w- c:\users\Cédric\AppData\Local\Steam
2015-02-18 11:39 . 2015-02-18 11:39 -------- d-----w- c:\windows\jre
2015-02-17 18:35 . 2015-02-17 18:35 3776184 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\1036\MSOINTL.DLL
2015-02-17 14:26 . 2015-02-17 14:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-11 11:21 . 2012-02-16 08:05 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-03 13:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-03-02 11:42 . 2015-03-02 11:42 82432 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2015-03-02 11:42 . 2015-03-02 11:42 82432 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2015-03-02 11:42 . 2015-03-02 11:42 44544 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-03-02 11:42 . 2015-03-02 11:42 44544 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-03-02 11:42 . 2015-03-02 11:42 1275392 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2015-03-02 11:42 . 2015-03-02 11:42 1275392 ----a-w- c:\users\Cédric\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2015-02-12 07:55 . 2015-02-12 07:55 9728 ----a-w- c:\windows\SysWow64\RzStats.IPC.dll
2015-02-06 11:26 . 2014-02-25 14:36 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-06 11:26 . 2014-02-25 14:36 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 21:01 . 2015-02-10 09:57 74056 ----a-w- c:\windows\system32\OpenCL.dll
2015-02-05 21:01 . 2015-02-10 09:57 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-02-05 21:01 . 2015-02-10 09:56 995248 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-02-05 21:01 . 2015-02-10 09:56 877816 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-02-05 21:01 . 2015-02-10 09:56 353224 ----a-w- c:\windows\system32\nvoglshim64.dll
2015-02-05 21:01 . 2015-02-10 09:56 32106640 ----a-w- c:\windows\system32\nvoglv64.dll
2015-02-05 21:01 . 2015-02-10 09:56 30536 ----a-w- c:\windows\system32\nvhdap64.dll
2015-02-05 21:01 . 2015-02-10 09:56 305136 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2015-02-05 21:01 . 2015-02-10 09:56 24768144 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-02-05 21:01 . 2015-02-10 09:56 195728 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2015-02-05 21:01 . 2015-02-10 09:56 18575880 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-02-05 21:01 . 2015-02-10 09:56 16017040 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-02-05 21:01 . 2015-02-10 09:56 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-02-05 21:01 . 2015-02-10 09:56 13294528 ----a-w- c:\windows\system32\nvopencl.dll
2015-02-05 21:01 . 2015-02-10 09:56 10773704 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-02-05 21:01 . 2015-02-10 09:56 969872 ----a-w- c:\windows\system32\NvIFR64.dll
2015-02-05 21:01 . 2015-02-10 09:56 943760 ----a-w- c:\windows\system32\NvFBC64.dll
2015-02-05 21:01 . 2015-02-10 09:56 929936 ----a-w- c:\windows\SysWow64\NvIFR.dll
2015-02-05 21:01 . 2015-02-10 09:56 908104 ----a-w- c:\windows\SysWow64\NvFBC.dll
2015-02-05 21:01 . 2015-02-10 09:56 3610768 ----a-w- c:\windows\system32\nvcuvid.dll
2015-02-05 21:01 . 2015-02-10 09:56 3299512 ----a-w- c:\windows\system32\nvapi64.dll
2015-02-05 21:01 . 2015-02-10 09:56 3247248 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-02-05 21:01 . 2015-02-10 09:56 2902784 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-02-05 21:01 . 2015-02-10 09:56 25460880 ----a-w- c:\windows\system32\nvcompiler.dll
2015-02-05 21:01 . 2015-02-10 09:56 20466496 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-02-05 21:01 . 2015-02-10 09:56 1895240 ----a-w- c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-10 09:56 177624 ----a-w- c:\windows\system32\nvinitx.dll
2015-02-05 21:01 . 2015-02-10 09:56 17253848 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-02-05 21:01 . 2015-02-10 09:56 164752 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-02-05 21:01 . 2015-02-10 09:56 1557648 ----a-w- c:\windows\system32\nvdispgenco6434752.dll
2015-02-05 21:01 . 2015-02-10 09:56 14119744 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-02-05 21:01 . 2015-02-10 09:56 13208200 ----a-w- c:\windows\system32\nvcuda.dll
2015-02-05 21:01 . 2015-02-10 09:56 10713256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-02-05 21:01 . 2015-02-10 09:56 10284872 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-02-05 19:07 . 2015-02-10 09:57 6861128 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-05 19:07 . 2015-02-10 09:57 3517584 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-05 19:07 . 2015-02-10 09:57 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-05 19:07 . 2015-02-10 09:57 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-02-05 19:07 . 2015-02-10 09:57 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-05 19:06 . 2015-02-10 09:57 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-05 17:57 . 2015-02-10 09:57 621384 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-02-05 12:50 . 2015-02-10 09:57 4236870 ----a-w- c:\windows\system32\nvcoproc.bin
2015-02-04 03:16 . 2015-02-11 08:32 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 08:32 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 08:32 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 08:32 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 08:32 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 08:32 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 08:32 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 08:32 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-16 06:40 . 2015-02-10 10:02 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-01-16 06:40 . 2015-02-10 10:02 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-01-16 06:39 . 2015-02-10 10:02 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-01-16 06:39 . 2015-02-10 10:02 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
2014-12-30 09:36 . 2014-12-30 09:36 33448 ----a-w- c:\windows\system32\drivers\rzkeypadendpt.sys
2014-12-30 09:35 . 2014-12-30 09:35 27816 ----a-w- c:\windows\system32\drivers\rzjstk.sys
2014-12-30 09:35 . 2014-12-30 09:35 177832 ----a-w- c:\windows\system32\drivers\rzudd.sys
2014-12-30 09:28 . 2014-12-30 09:28 990720 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2014-12-30 09:28 . 2014-12-30 09:28 78848 ----a-w- c:\windows\SysWow64\rzvirtualdev.dll
2014-12-30 09:28 . 2014-12-30 09:28 89088 ----a-w- c:\windows\SysWow64\rzdevinfo.dll
2014-12-30 09:28 . 2014-12-30 09:28 155136 ----a-w- c:\windows\SysWow64\rztouchdll.dll
2014-12-30 09:28 . 2014-12-30 09:28 117248 ----a-w- c:\windows\SysWow64\rzdisplaydll.dll
2014-12-30 09:28 . 2014-12-30 09:28 419840 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2014-12-21 13:23 . 2014-12-21 13:23 8716288 ----a-w- c:\users\Cédric\~gntus08.tmp
2014-12-21 13:23 . 2014-12-21 13:23 8716288 ----a-w- c:\users\Cédric\~gntus08.tmp
2014-12-21 13:22 . 2014-12-21 13:22 20160 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-12-19 03:06 . 2015-01-14 08:50 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 08:50 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="d:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2014-12-08 37152]
"GoogleChromeAutoLaunch_9D4B83A9B6B9CF0904575A433DCFD890"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-03-07 809288]
"Steam"="d:\program files\Steam\steam.exe" [2015-02-18 2874048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-02-28 590144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * 
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Origin Client Service;Origin Client Service;d:\program files\Origin\OriginClientService.exe;d:\program files\Origin\OriginClientService.exe [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
R3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjoystk.sys [x]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 rzjstk;Razer Virtual Joystick Driver;c:\windows\system32\DRIVERS\rzjstk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjstk.sys [x]
S3 rzkeypadendpt;Razer Keypad Endpoint;c:\windows\system32\DRIVERS\rzkeypadendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzkeypadendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-13 09:38 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-25 11:26]
.
2015-03-15 c:\windows\Tasks\GlaryInitialize 5.job
- d:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-12-08 05:46]
.
2015-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-01 14:52]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-01 14:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-09 7466600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\users\Cédric\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
AddRemove-{CBEC616D-96E1-8751-A268-D51E2F030C27} - c:\progra~3\INSTAL~1\{34F96~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:16,1e,2b,cb,a8,b2,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,d5,c0,49,18,2c,32,43,89,67,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,d5,c0,49,18,2c,32,43,89,67,40,\
.
[HKEY_USERS\S-1-5-21-1022465330-1197563098-3211044709-1001\Software\SecuROM\License information*]
"datasecu"=hex:09,e2,7c,5b,7c,05,23,bf,14,6f,15,79,2e,64,76,21,83,34,4e,fb,87,
   79,46,94,c0,da,44,a2,6e,ff,77,8c,16,58,98,aa,8e,8b,c3,fb,e8,22,eb,c0,bc,45,\
"rkeysecu"=hex:03,7f,96,62,ba,ae,49,c2,6e,54,52,f3,30,4c,ee,d3
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-03-15  10:31:39
ComboFix-quarantined-files.txt  2015-03-15 09:31
ComboFix2.txt  2015-03-14 13:54
.
Avant-CF: 19 363 713 024 octets libres
Après-CF: 18 990 034 944 octets libres
.
- - End Of File - - E4355B625EDDE12AE9E52E472B912BCB
 
 
 
NO THREAT FOUND in ESET
 
Looks like all is fine ?
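A small triage script for the ComboFix autostart listing above, added here as an example (it is not from this thread and not part of ComboFix). It parses the Run-key values and the `R*`/`S*` service lines and marks entries for manual review when the image lives in a user-writable location or carries an extension a service image would not normally have; the sample input is a few lines copied from the log above, and a flag is a prompt to check the file (for instance on VirusTotal), not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: a handful of lines copied from the ComboFix log
# posted earlier in this thread (one Run key block and three service lines).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="d:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2014-12-08 37152]
"Steam"="d:\program files\Steam\steam.exe" [2015-02-18 2874048]
.
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
"""

# "Name"="path" [YYYY-MM-DD size]   -> a value under a Run key
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# R3 name;description;path;path [x] -> a service or driver entry
SERVICE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^;]+);[^;]+ \[x\]$'
)

# Extensions a Run-key target or service image is expected to have.
EXPECTED_EXT = {".exe", ".dll", ".sys", ".drv"}
# Locations an ordinary user can write to; a service image there deserves a look.
USER_WRITABLE_PREFIXES = ("c:\\programdata\\", "c:\\users\\")
USER_WRITABLE_PARTS = ("\\temp\\", "\\appdata\\")


@dataclass
class AutostartEntry:
    kind: str            # "run" or "service"
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        return bool(self.reasons)


def _review_reasons(path: str) -> List[str]:
    """Return the reasons (possibly none) why this image path deserves review."""
    p = path.lower()
    reasons = []
    if p.startswith(USER_WRITABLE_PREFIXES) or any(part in p for part in USER_WRITABLE_PARTS):
        reasons.append("runs from a user-writable location")
    ext = ntpath.splitext(ntpath.basename(p))[1]
    if ext not in EXPECTED_EXT:
        reasons.append(f"unusual extension {ext or '(none)'}")
    return reasons


def parse_combofix(log_text: str) -> List[AutostartEntry]:
    """Extract Run-key values and service/driver entries from ComboFix output."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := RUN_VALUE.match(line)):
            entries.append(AutostartEntry("run", m["name"], m["path"], _review_reasons(m["path"])))
        elif (m := SERVICE.match(line)):
            entries.append(AutostartEntry("service", m["name"], m["path"], _review_reasons(m["path"])))
    return entries


def flagged_names(log_text: str) -> List[str]:
    """Names of the entries that should be checked by hand, in log order."""
    return [e.name for e in parse_combofix(log_text) if e.flagged]


if __name__ == "__main__":
    for e in parse_combofix(SAMPLE_LOG):
        status = "REVIEW" if e.flagged else "ok"
        note = f"  ({'; '.join(e.reasons)})" if e.reasons else ""
        print(f"{status:6} {e.kind:7} {e.name:15} {e.path}{note}")
```

On the sample above it marks BRSptSvc (runs from c:\programdata) and xsherlock (a service image ending in .xem) for review and leaves the Run entries and the Realtek driver alone.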


#9 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:29 AM

Posted 15 March 2015 - 11:28 AM

Looks like all is fine ?

Not yet.

---------------

 

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 (or the contents run)

c:\users\Cédric\AppData\Local\FFFFFFFF-1425768722-FFFF-FFFF-FFFFFFFFFFFF
c:\users\Cédric\~gntus08.tmp
c:\users\Cédric\~gntus08.tmp
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

-------------------------------------------------------------------------------------

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 2:

 

Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)


Edited by olgun52, 15 March 2015 - 11:30 AM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 cedlr

cedlr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:29 AM

Posted 15 March 2015 - 03:17 PM

I scanned the two files in c:\users\Cédric\AppData\Local\FFFFFFFF-1425768722-FFFF-FFFF-FFFFFFFFFFFF folder and the file c:\users\Cédric\~gntus08.tmp
 
 
 
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.03.15.03
  rootkit: v2015.02.25.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Cédric :: PC-DE-CEDRIC [administrator]
 
15/03/2015 21:04:53
mbar-log-2015-03-15 (21-04-53).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 435770
Time elapsed: 5 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
RogueKiller V10.5.4.0 [Mar 12 2015] par Adlice Software
 
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en  : Mode normal
Utilisateur : Cédric [Administrateur]
Démarré depuis : D:\Utilisateurs\Cédric\Téléchargements\RogueKiller.exe
Mode : Scan -- Date : 03/15/2015  21:15:19
 
¤¤¤ Processus : 2 ¤¤¤
[Suspicious.Path] RzStats.Manager.exe(5916) -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path] RzCefRenderProcess.exe(3428) -- C:\Users\Cédric\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe[7] -> Tué(e) [TermThr]
 
¤¤¤ Registre : 13 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{918EC3DE-3C87-4A10-95E2-C7997DC9384D} | DhcpNameServer : 172.17.0.20 172.16.48.5 [(Private Address) (XX)][(Private Address) (XX)]  -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{918EC3DE-3C87-4A10-95E2-C7997DC9384D} | DhcpNameServer : 172.17.0.20 172.16.48.5 [(Private Address) (XX)][(Private Address) (XX)]  -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{918EC3DE-3C87-4A10-95E2-C7997DC9384D} | DhcpNameServer : 172.17.0.20 172.16.48.5 [(Private Address) (XX)][(Private Address) (XX)]  -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1022465330-1197563098-3211044709-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1022465330-1197563098-3211044709-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1022465330-1197563098-3211044709-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1022465330-1197563098-3211044709-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1022465330-1197563098-3211044709-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1022465330-1197563098-3211044709-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1022465330-1197563098-3211044709-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1022465330-1197563098-3211044709-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Trouvé(e)
 
¤¤¤ Tâches : 0 ¤¤¤
 
¤¤¤ Fichiers : 0 ¤¤¤
 
¤¤¤ Fichier Hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Non chargé [0xc000036b]) ¤¤¤
 
¤¤¤ Navigateurs web : 0 ¤¤¤
 
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: OCZ-AGILITY3 +++++
--- User ---
[MBR] 42257e5ab7803eb6e506da5a72d9c23c
[BSP] 64b1f00b2eb2ee15588c6cb2be843cbf : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST31000524AS +++++
--- User ---
[MBR] 090f2e70f47c862cda39755b41990df5
[BSP] 11f533a328813bd21f820bdaa5f0134e : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


#11 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:29 AM

Posted 15 March 2015 - 03:39 PM

Hi again,
 
Step 1:
 
Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

Link1
Link2
Link3

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop might disappear, this will be put back on completion.... If your security alerts to OTM either accept the alert or turn off security until OTM completes...

  • Copy the text from the attached file OTM Fix.txt to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files and end at and include [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
 
You may have to attach the produced log as it will exceed forum character limits.
 
Step 2:
Dr.Web CureIt run:


  • Please download Dr.Web CureIt! Free  antivirus and save it to your computer. The file size is in excess of 100MB
  • NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  • Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  • Shutdown your antivirus to avoid any conflicts while scanning.
  • Once the scans have completed please re-enable your antivirus.
  • If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  • If needed you can also temporarily disable it from starting with Windows
  • Temporarily turn off any other security add-ons or applications you may also have.
  • Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  • If it does not have a Digital Signature then do not run it.
  • Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  • You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.
  • Click on the Yes button to start the installer.
  • Click OK to scan your computer in the Enhanced Protection Mode
  • Click on the check box to agree to participate in their software improvement program.
  • Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  • Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  • Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  • Then click on the Start scanning button.
  • If a threat is found you can click on the Action column in the program.
  • Your options will be Cure or Ignore
  • If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  • Then click on the Neutralize button.
  • Once completed click on the green Open Report link. It will open the report in NOTEPAD
  • Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit!
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
  • Re-Enable your antivirus and other security programs when all done.

Attached Files


Best regards
 

 


 


#12 cedlr

cedlr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:29 AM

Posted 15 March 2015 - 05:29 PM

Hello, here are the logs. DrWeb didn't find any virus and I had no reboot, so I pasted just a part of the log for it!
 
 
 
 
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
< ipconfig /flushdns /c >
Configuration IP de Windows
Cache de r‚solution DNS vid‚.
D:\Utilisateurs\Cédric\Téléchargements\cmd.bat deleted successfully.
D:\Utilisateurs\Cédric\Téléchargements\cmd.txt deleted successfully.
c:\users\Cédric\AppData\Local\FFFFFFFF-1425768722-FFFF-FFFF-FFFFFFFFFFFF folder moved successfully.
c:\users\Cédric\~gntus08.tmp moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Cédric
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3231747 bytes
->Java cache emptied: 5993057 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 226925427 bytes
->Flash cache emptied: 57979 bytes
 
User: C‚dric
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 195 bytes
 
User: C餲ic
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1021474 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5324 bytes
Session Manager Temp folder emptied: 1442258 bytes
Session Manager Tmp folder emptied: 20480 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 228,00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 03152015_230501
 
Files moved on Reboot...
C:\Users\Cédric\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. D:\TEMP\NVIDIA Corporation\NV_Cache\d4db2017b9eb34d5785fd0119370c437_fce8395c8fd8a861_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. D:\TEMP\NVIDIA Corporation\NV_Cache\d4db2017b9eb34d5785fd0119370c437_fce8395c8fd8a861_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
D:\TEMP\FXSAPIDebugLogFile.txt moved successfully.
 
Registry entries deleted on Reboot...
 
 
 
 
 
 
 
 
=============================================================================
Dr.Web Scanner SE for Windows v9.1.2.08270
© Doctor Web, Ltd., 1992-2013
Scan session started 2015/03/15 23:15:48 
Module location : D:\TEMP\F0B58352-E31571A8-5A0A1C48-D2CE6E9E\
=============================================================================
 
OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [Use Sound Alerts] NO
 
OPTION [Block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO
 
Using language: "French (Français)"
Available instances: 12
Instances used: 12
Platform: Windows 7 Premium x64/WOW (Build 7601), Service Pack 1
API Version: 2.2
Scanning Engine version: 9.1.5.12190
Virus Finding Engine version: 7.0.11.1300
Total 233 virus bases are loaded from D:\TEMP\F0B58352-E31571A8-5A0A1C48-D2CE6E9E
 
.........................................................................
 

Total 8153103396 bytes in 27932 files scanned (33324 objects)
Total 27905 files (33292 objects) are clean
There are no infected objects detected
Total 32 files are raised error condition
Scan time is 00:03:43.089
 
 

Edited by cedlr, 15 March 2015 - 05:30 PM.


#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:29 AM

Posted 15 March 2015 - 05:42 PM

There are no infected objects detected

Looks good.

Any issues ?


Best regards
 

 


 


#14 cedlr

cedlr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:29 AM

Posted 16 March 2015 - 03:41 AM

It's good to hear! Thanks a lot for your help and all the time you wasted for me!!



#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:29 AM

Posted 16 March 2015 - 08:25 AM

Hello again,

 

Thank you for your patience. Please do the following:
Uninstall Combofix:

  • Make sure your security programs are totally disabled.
  • Press the WinKey + R to open a Run box.
  • Now copy/paste Combofix /uninstall into the Run box and click OK. Note the space between the ..X and the /U; it needs to be there.


Next...

In any case, please download DelFix to your desktop.

  • Close all other programs.
  • Windows Vista > Win 7 > Win 8: right-click on DelFix.exe and select RUN AS ADMINISTRATOR.
  • Checkmark "Remove Disinfection Tools".
  • Click the Run button.
  • It will now delete all found traces of our removal process.

You can do the following:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

To remove all but the most recently created Restore Point:

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

:step1: Internet Explorer. Even if you don't use it as your main browser it should be kept up-to-date because that is the browser Windows uses for updates.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

:step2:  Firefox. If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
 
NoScript
AdBlock Plus

:step3:  Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

:step4:  Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
:step5: One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:step6: ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

 

Sincerely


Best regards
 

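The Internet Explorer hardening in steps 1 and 3 of the post above can be checked without clicking through the dialogs. The PowerShell below is an added example and not part of olgun52's instructions: it reads the per-zone values Internet Explorer stores under HKCU (Microsoft's documented value names 1001, 1004, 1201, 1800, 1804 and 1607 for the six Custom Level settings, 2500 for Protected Mode; 0 = Enable, 1 = Prompt, 3 = Disable) and reports which differ from the recommended settings. It assumes these user values are not overridden by machine-wide policy under HKLM.

```powershell
# Added example: audit IE Internet-zone settings against the post's recommendations.
# Value names and meanings follow Microsoft's documented security-zone registry mapping.
# Assumption: HKCU zone settings are in effect (no HKLM policy override).

$recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }  # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }  # Disable
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }  # Disable
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }  # Prompt
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }  # Prompt
    '1607' = @{ Name = 'Navigate sub-frames across different domains';             Want = 1 }  # Prompt
}
$labels    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$zonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Returns the DWORD for one setting in one zone, or $null when the value is absent.
function Get-ZoneValue([string]$Zone, [string]$ValueName) {
    $key  = Join-Path $zonesRoot $Zone
    $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

# Step 1: the six Custom Level settings for the Internet zone (zone id 3).
foreach ($id in $recommended.Keys) {
    $entry   = $recommended[$id]
    $current = Get-ZoneValue -Zone '3' -ValueName $id
    $cur     = if ($null -eq $current) { 'not set' } else { $labels[$current] }
    $status  = if ($current -eq $entry.Want) { 'OK' } else { 'FIX' }
    '{0,-4} {1,-62} current: {2,-8} recommended: {3}' -f $status, $entry.Name, $cur, $labels[$entry.Want]
}

# Step 3: Protected Mode (value 2500, 0 = on, 3 = off) for all four zones the post lists.
$zoneNames = [ordered]@{ '1' = 'Local intranet'; '2' = 'Trusted sites'; '3' = 'Internet'; '4' = 'Restricted sites' }
foreach ($z in $zoneNames.Keys) {
    $pm     = Get-ZoneValue -Zone $z -ValueName '2500'
    $state  = if ($pm -eq 0) { 'On' } elseif ($null -eq $pm) { 'not set' } else { 'Off' }
    $status = if ($pm -eq 0) { 'OK' } else { 'FIX' }
    '{0,-4} Protected Mode, {1}: {2}' -f $status, $zoneNames[$z], $state
}
```

Any line marked FIX is a setting still at a weaker value than the post recommends; change it through Internet Options as described in steps 1 and 3, then re-run the script to confirm.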