All files are hidden, including the bureau. The virus seems to have infected Avast, which I tried to delete but it's blocked. I tried to run Malwarebytes but it says "access denied". Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:36:53, on 07/08/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WTClient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5
kevinf80_1d0ac6
1.1K Posts
0
August 7th, 2011 01:00
I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE
** If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE
Please proceed as follows :-
Step 1
Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O4 - HKCU\..\Run: [mIDuMjVairisaH] C:\ProgramData\mIDuMjVairisaH.exe
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.
Step 2
Please download Rkill and save to your Desktop.
Link 1
Link 2
Link 3
Link 4
Link 5
Link 6
Step 3
Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-
Link 1
Link 2
Before saving Combofix to the Desktop re-name to Gotcha.exe as below:
**** Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.
*EXTRA NOTES*
Post the logs from RKill and Combofix in next reply please...
Kevin
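An added example, not part of this thread and not HijackThis code: a small Python triage script that applies the same reasoning behind the two Step 1 entries (an O1 hosts line pointing a name at a non-loopback address, and an O4 Run item launching from ProgramData) to constructed sample lines modelled on the log above, plus a helper that strips such redirects from hosts-file text while keeping loopback and 0.0.0.0 blocking entries. The USER_WRITABLE path list, the sample hosts file and all function names are this example's own assumptions.

```python
import re
from ipaddress import ip_address

# Constructed sample: HijackThis-style lines modelled on the ones quoted in this
# thread (the O1 hosts entry and the HKCU Run item flagged in Step 1), plus two
# benign lines for contrast.
SAMPLE_HJT_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKCU\..\Run: [mIDuMjVairisaH] C:\ProgramData\mIDuMjVairisaH.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
"""

# Constructed sample hosts file: the two normal loopback lines, an ad-blocking
# style 0.0.0.0 entry (legitimate, must survive), and the redirect from the log.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example   # blocking entry, keep
173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HKCU|HKLM)\\\.\.\\Run:\s+\[([^\]]*)\]\s+(.*)$")

# Autostart targets under locations any user process can write to (assumed
# list); legitimate installers register binaries under Program Files or Windows.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def is_benign_hosts_target(ip_text):
    """A hosts line is expected only to point at loopback (127/8, ::1) or at
    0.0.0.0 (the convention ad-blocking lists use to sink a name)."""
    try:
        ip = ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage_hosts(ip_text, hostname):
    if is_benign_hosts_target(ip_text):
        return None
    return f"hosts entry redirects {hostname} to non-loopback address {ip_text}"


def triage_run(hive, name, command):
    low = command.lower()
    if any(d in low for d in USER_WRITABLE):
        return f"{hive} Run item [{name}] launches from user-writable path {command}"
    return None


def triage_hijackthis(log_text):
    """Return [(log_line, reason)] for every O1/O4 line worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            reason = triage_hosts(*m.groups())
        else:
            m = RUN_RE.match(line)
            reason = triage_run(*m.groups()) if m else None
        if reason:
            findings.append((line, reason))
    return findings


def clean_hosts(text):
    """Remove redirect lines from hosts-file content, keeping comments, blank
    lines, loopback and 0.0.0.0 entries. Returns (cleaned_text, removed_lines)."""
    kept, removed = [], []
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()
        if not body:
            kept.append(line)
            continue
        ip_text = body.split()[0]
        if is_benign_hosts_target(ip_text):
            kept.append(line)
        else:
            removed.append(body)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    for line, reason in triage_hijackthis(SAMPLE_HJT_LOG):
        print(f"SUSPECT: {reason}\n    {line}")
    cleaned, removed = clean_hosts(SAMPLE_HOSTS)
    print("removed from hosts:", removed)
```

HijackThis' Fix Checked does this removal by hand; the script only flags candidates. A Run item under ProgramData is a prompt to look at the file, not proof of malware, and the hosts cleaner deliberately keeps 0.0.0.0 lines because blocking lists rely on them.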
parispainter
20 Posts
0
August 7th, 2011 13:00
Just rebooted and the little fuzzy-looking thing is still on the bottom of the toolbar. It's called "services media manager". It went away but is back now.
parispainter
20 Posts
0
August 7th, 2011 13:00
Hi Kevin,
Thanks so much for your help. Files are starting to show up but some are still hiding.
Linda
Here's my Rkill report:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 07/08/2011 at 19:49:21.
Operating System: Windows Vista (TM) Home Premium
Processes terminated by Rkill or while it was running:
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\utilisateur\Downloads\iExplore.exe
C:\Users\utilisateur\Downloads\iExplore.exe
Rkill completed on 07/08/2011 at 19:49:37.
Here's my ComboFix report. Unfortunately, I wasn't given a language option and my computer put parts of it automatically in French. I hope it's not the parts that you need!
ComboFix 11-08-07.03 - utilisateur 07/08/2011 20:43:18.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.803 [GMT 2:00]
Lancé depuis: c:\users\utilisateur\Desktop\gotcha.exe.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\program files\PAV\pav.exe.tmp1
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\10150092283854586_8846.mp4.ddr
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\208274895862743_12115.mp4.ddr
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\489427224895_4614.mp4.ddr
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\52349854895_55865.mp4.ddr
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\75251154895_35415.mp4.ddr
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\8rnznyd7xeddg.avi.ddr
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\10150092283854586_8846.mp4
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\208274895862743_12115.mp4
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\489427224895_4614.mp4
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\52349854895_55865.mp4
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\75251154895_35415.mp4
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\8rnznyd7xeddg.avi
c:\users\utilisateur\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\x7wg5.mp4.ddp
c:\users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair\Uninstall Windows Vista Repair.lnk
c:\users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair\Windows Vista Repair.lnk
c:\users\utilisateur\AppData\Roaming\OfferBox\config.dat
c:\users\utilisateur\AppData\Roaming\OfferBox\config.xml
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-07-07 au 2011-08-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-08-07 18:53 . 2011-08-07 18:53 -------- d-----w- c:\users\utilisateur\AppData\Local\temp
2011-08-07 18:53 . 2011-08-07 18:53 -------- d-----w- c:\users\Invité.PC-de-utilisate\AppData\Local\temp
2011-08-07 18:53 . 2011-08-07 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-07 18:17 . 2011-08-07 18:17 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-08-07 18:17 . 2011-08-07 18:17 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-08-07 18:17 . 2011-08-07 18:17 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-08-07 18:17 . 2011-08-07 18:17 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-08-07 18:17 . 2011-08-07 18:17 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-08-07 18:17 . 2011-08-07 18:17 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-08-07 18:17 . 2011-08-07 18:17 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-08-07 18:17 . 2011-08-07 18:17 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-08-07 18:16 . 2011-08-07 18:16 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-08-07 18:16 . 2011-08-07 18:16 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-08-07 18:16 . 2011-08-07 18:16 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-08-07 18:16 . 2011-08-07 18:16 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-08-07 18:16 . 2011-08-07 18:16 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-08-07 18:16 . 2011-08-07 18:16 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-08-07 18:16 . 2011-08-07 18:16 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-08-07 18:16 . 2011-08-07 18:16 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-08-07 18:16 . 2011-08-07 18:16 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-08-07 06:30 . 2011-08-07 06:30 388096 ----a-r- c:\users\utilisateur\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-06 17:30 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C906DA64-C8B1-481A-B5C7-835730CD124F}\mpengine.dll
2011-08-02 17:34 . 2011-08-02 17:34 -------- d-----w- c:\users\utilisateur\AppData\Roaming\PeerNetworking
2011-07-27 13:59 . 2011-07-27 14:00 -------- d-----w- c:\users\Invité.PC-de-utilisate\AppData\Local\Adobe
2011-07-11 15:41 . 2011-07-27 13:59 -------- d-----w- c:\users\Invité.PC-de-utilisate\AppData\Roaming\Adobe
2011-07-11 15:41 . 2011-07-12 07:26 -------- d-----w- c:\users\Invité.PC-de-utilisate\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2011-04-11 10:01 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-03 20:28 . 2011-06-03 20:28 0 ---ha-w- c:\windows\system32\ConduitEngine.tmp
2011-05-28 06:08 . 2011-06-17 11:16 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-17 11:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-17 11:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-17 11:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-17 11:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-17 11:16 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-17 11:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-17 11:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2009-10-06 13:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-19 12:13 . 2011-05-19 12:13 0 ----a-w- c:\users\utilisateur\AppData\Local\BITF650.tmp
2011-05-18 18:39 . 2011-05-18 18:39 0 ----a-w- c:\users\utilisateur\AppData\Local\BIT34C6.tmp
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [BU]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-20 2000120]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [BU]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-13 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-13 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-13 133656]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [BU]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-16 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536448]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-01 5546376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 390720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
.
c:\users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aoChCgeHApgo]
c:\programdata\aoChCgeHApgo.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bfepitaqunuhogaj]
c:\users\utilisateur\AppData\Local\svertfs.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 16:01 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TQ566808]
D:\Setup.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 136176]
R2 SFR.DashBoard.Service;SFR.DashBoard.Service;c:\program files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe [2010-05-31 18272]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 136176]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-04-14 9216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2007-04-23 10752]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-07-21 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-07-21 105088]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-04-11 752128]
S2 afcdpsrv;Service Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-04-11 3246040]
S2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [2008-04-30 200704]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [2009-06-07 61440]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-04-11 167968]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-03-26 111104]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2007-06-07 18944]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenu du dossier 'Tâches planifiées'
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 12:01]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 12:01]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar_FR Community Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - %profile%\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Veoh Web Player Video Finder: web@veoh.com - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-07 20:53
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2011-08-07 20:59:50
ComboFix-quarantined-files.txt 2011-08-07 18:59
.
Avant-CF: 29 376 385 024 octets libres
Après-CF: 29 031 546 880 octets libres
.
- - End Of File - - C02347041467A15607606733D82A3B90
kevinf80_1d0ac6
1.1K Posts
0
August 7th, 2011 14:00
Continue as follows please :-
Step 1
Download the following program to your desktop:
Unhidetool
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
Please be patient as this may take several minutes to run; it will scan and fix all hard drives on your system. You will see a new window with the drive being processed, typically C:\ as below:
Changing as the next drive is processed as below:
You will get a success alert at the end.
Re-boot and see if your files are present.
Step 2
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open Notepad and copy/paste the text in between the dotted lines below into it:
-----------------------------------------------------------------------------------------------------------------------------------------
KillAll::
File::
c:\windows\system32\ConduitEngine.tmp
c:\users\utilisateur\AppData\Local\BITF650.tmp
c:\users\utilisateur\AppData\Local\BIT34C6.tmp
c:\programdata\aoChCgeHApgo.exe
c:\users\utilisateur\AppData\Local\svertfs.dll
D:\Setup.exe
Firefox::
FF - ProfilePath - c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar_FR Community Toolbar: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - %profile%\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aoChCgeHApgo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bfepitaqunuhogaj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TQ566808]
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
-----------------------------------------------------------------------------------------------------------------------------------------
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Step 3
Run ESET Online Scan
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.
Also be aware this scan can take between one and several hours to complete depending on the size of your system.
ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".
Step 4
Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Let me see the following in next reply :-
Kevin
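As an added illustration of what Step 1's Unhide tool does (example code written for this page, not the tool itself): a Python script that walks a directory tree, finds files and folders carrying the Win32 Hidden attribute and clears it, defaulting to a dry run that only reports what it would change. The decision to leave files that are both Hidden and System untouched is this example's own assumption, not documented Unhide behaviour; the attribute write uses the Win32 SetFileAttributesW call and so only happens on Windows.

```python
import ctypes
import os
import sys

# Win32 file attribute bits (documented constants).
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04


def plan_unhide(attrs, keep_system=True):
    """Return the attribute mask with Hidden cleared, or None if the entry
    should be left alone. With keep_system=True, entries that are both Hidden
    and System (desktop.ini, pagefile.sys, boot files) are skipped: the OS hides
    those on purpose, whereas the hidden-files symptom in this thread is ordinary
    user files and folders given the Hidden bit. That skip rule is this
    example's choice."""
    if not attrs & FILE_ATTRIBUTE_HIDDEN:
        return None
    if keep_system and attrs & FILE_ATTRIBUTE_SYSTEM:
        return None
    return attrs & ~FILE_ATTRIBUTE_HIDDEN


def unhide_tree(root, dry_run=True):
    """Walk root and clear Hidden on every file and folder plan_unhide allows.
    Returns [(path, old_attrs, new_attrs)]. On non-Windows platforms os.stat
    has no st_file_attributes, so the walk finds nothing to do."""
    changes = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                attrs = getattr(os.lstat(path), "st_file_attributes", None)
            except OSError:
                continue  # vanished or inaccessible: skip rather than abort the scan
            if attrs is None:
                continue
            new_attrs = plan_unhide(attrs)
            if new_attrs is None:
                continue
            changes.append((path, attrs, new_attrs))
            if not dry_run and sys.platform == "win32":
                if not ctypes.windll.kernel32.SetFileAttributesW(path, new_attrs):
                    raise ctypes.WinError()
    return changes


if __name__ == "__main__":
    args = [a for a in sys.argv[1:] if a != "--apply"]
    root = args[0] if args else os.path.expanduser("~")
    apply = "--apply" in sys.argv
    for path, old, new in unhide_tree(root, dry_run=not apply):
        verb = "unhid" if apply else "would unhide"
        print(f"{verb}: {path} ({old:#x} -> {new:#x})")
```

Run it once without `--apply` to review the list; anything you hid deliberately will show up there and, as the post above says, must be hidden again afterwards.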
parispainter
20 Posts
0
August 8th, 2011 01:00
Thanks, Kevin. It looks good and all my files are back. That fuzzy icon with a red X on it is still showing up when I turn on the computer (services media manager). I've only seen it one other time and that was when the computer had a virus.
Also, all the desktop icons are underlined and I can't rename them by clicking on them twice slowly. I have to right-click and rename from the menu. No big deal, but I'm wondering if it's a sign of a continuing problem.
Here's the ComboFix log:
ComboFix 11-08-07.03 - utilisateur 07/08/2011 23:14:24.3.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.1064 [GMT 2:00]
Lancé depuis: c:\users\utilisateur\Desktop\gotcha.exe.exe
Commutateurs utilisés :: c:\users\utilisateur\Desktop\CFScript.txt
.
FILE ::
"c:\programdata\aoChCgeHApgo.exe"
"c:\users\utilisateur\AppData\Local\BIT34C6.tmp"
"c:\users\utilisateur\AppData\Local\BITF650.tmp"
"c:\users\utilisateur\AppData\Local\svertfs.dll"
"c:\windows\system32\ConduitEngine.tmp"
"D:\Setup.exe"
.
ADS - Windows: deleted 128 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\chrome.manifest
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\chrome\utorrentbar_fr.jar
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\components\ConduitAutoCompleteSearch.js
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\components\ConduitAutoCompleteSearch.xpt
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\components\ConduitToolbar.idl
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\components\ConduitToolbar.js
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\components\ConduitToolbar.xpt
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\components\RadioWMPCore.dll
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\components\RadioWMPCore.xpt
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\components\RadioWMPCoreGecko19.dll
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\defaults\alertSettingsComponent.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\defaults\appContextMenu.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\defaults\engineContextMenu.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\defaults\engineSettings.json
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\defaults\fbAlert.js
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\defaults\getAppsContextMenu.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\defaults\postAppsContextMenu.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\defaults\toolbarContextMenu.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\defaults\unsharedAppsContextMenu.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\install.rdf
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\lib\xpcom.js
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\META-INF\manifest.mf
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\META-INF\zigbert.rsa
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\META-INF\zigbert.sf
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\searchplugin\conduit.gif
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\searchplugin\conduit.ico
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\searchplugin\conduit.PNG
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\searchplugin\conduit.src
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\searchplugin\conduit.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\setup.ini
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}\version.txt
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\chrome.manifest
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\install.rdf
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\lib\xpcom.js
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\setup.ini
c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\extensions\engine@conduit.com\version.txt
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-07-07 au 2011-08-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-08-07 21:24 . 2011-08-07 21:28 -------- d-----w- c:\users\utilisateur\AppData\Local\temp
2011-08-07 21:24 . 2011-08-07 21:24 -------- d-----w- c:\users\Invité\AppData\Local\temp
2011-08-07 21:24 . 2011-08-07 21:24 -------- d-----w- c:\users\Invité.PC-de-utilisate\AppData\Local\temp
2011-08-07 21:24 . 2011-08-07 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-07 18:40 . 2011-08-07 18:59 -------- d-----w- C:\gotcha.exe
2011-08-07 06:30 . 2011-08-07 06:30 388096 ----a-r- c:\users\utilisateur\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-06 17:30 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C906DA64-C8B1-481A-B5C7-835730CD124F}\mpengine.dll
2011-08-02 17:34 . 2011-08-02 17:34 -------- d-----w- c:\users\utilisateur\AppData\Roaming\PeerNetworking
2011-07-27 13:59 . 2011-07-27 14:00 -------- d-----w- c:\users\Invité.PC-de-utilisate\AppData\Local\Adobe
2011-07-11 15:41 . 2011-07-27 13:59 -------- d-----w- c:\users\Invité.PC-de-utilisate\AppData\Roaming\Adobe
2011-07-11 15:41 . 2011-07-12 07:26 -------- d-----w- c:\users\Invité.PC-de-utilisate\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2011-04-11 10:01 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-03 20:28 . 2011-06-03 20:28 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-05-28 06:08 . 2011-06-17 11:16 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-17 11:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-17 11:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-17 11:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-17 11:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-17 11:16 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-17 11:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-17 11:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2009-10-06 13:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-19 12:13 . 2011-05-19 12:13 0 ----a-w- c:\users\utilisateur\AppData\Local\BITF650.tmp
2011-05-18 18:39 . 2011-05-18 18:39 0 ----a-w- c:\users\utilisateur\AppData\Local\BIT34C6.tmp
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [BU]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-20 2000120]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [BU]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-13 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-13 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-13 133656]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [BU]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-16 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SAOB Monitor"="c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536448]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-01 5546376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 390720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
.
c:\users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 16:01 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 136176]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-04-14 9216]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2007-04-23 10752]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-07-21 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-07-21 105088]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-04-11 752128]
S2 afcdpsrv;Service Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-04-11 3246040]
S2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [2008-04-30 200704]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [2009-06-07 61440]
S2 SFR.DashBoard.Service;SFR.DashBoard.Service;c:\program files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe [2010-05-31 18272]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-04-11 167968]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-03-26 111104]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2007-06-07 18944]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenu du dossier 'Tâches planifiées'
.
2011-08-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-18 15:34]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 12:01]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 12:01]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\z1te0y7n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Veoh Web Player Video Finder: web@veoh.com - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-07 23:27
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(2892)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\system32\conime.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WTClient.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Heure de fin: 2011-08-07 23:38:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-08-07 21:38
ComboFix2.txt 2011-08-07 18:59
.
Avant-CF: 28 942 831 616 octets libres
Après-CF: 28 887 965 696 octets libres
.
- - End Of File - - 406012EC88FE08810B880F9482990633
The ESET scan said no viruses and didn't give me an option to print a log.
SECURITY CHECKLIST log
Results of screen317's Security Check version 0.99.18
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.2.152.32
Mozilla Firefox (3.6.18) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe
``````````End of Log````````````
kevinf80_1d0ac6
1.1K Posts
0
August 8th, 2011 03:00
The icon you mention that shows up on boot is related to Roxio, it monitors changes to your system. It shows in HJT:
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
It is not malicious but does not need to run at startup.
You can stop that in MSConfig, or you can do it with HJT as follows:
Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.
Next,
You have UAC (User Access Control) turned off; you should have that turned on at all times.
Next,
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.
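The two points Kevin raises (the RoxWatchTray Run entry and UAC being off) are both visible in the "Points de chargement Reg" section of the ComboFix log above. This added Python example, which is not code from the thread or from ComboFix, HijackThis or Security Check, parses that section from sample lines copied from the log, lists the Run-key autostarts so entries like RoxWatchTray can be located, and flags EnableLUA = 0 and the Security Center AntiVirusOverride value. The finding texts, the regexes and the helper names are my own.

```python
"""Parse the registry load-point section of a ComboFix log and flag weak settings."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-20 2000120]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"WTClient"="WTClient.exe" [2007-04-11 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"""

@dataclass
class Autostart:
    hive_key: str   # registry key the entry lives under, as ComboFix prints it
    name: str       # value name, e.g. RoxWatchTray
    command: str    # command line or image path
    meta: str       # trailing bracket text: "date size" or "BU"

@dataclass
class Report:
    autostarts: list = field(default_factory=list)
    values: dict = field(default_factory=dict)    # (key_lower, name_lower) -> raw data
    findings: list = field(default_factory=list)

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
RUN_DATA_RE = re.compile(r'^"(?P<cmd>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$')

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
SECCENTER_KEY = r"hkey_local_machine\software\microsoft\security center\svc"

def parse_dword(data: str):
    """'0 (0x0)' -> 0, 'dword:00000001' -> 1, non-numeric data -> None."""
    token = data.strip().split()[0] if data.strip() else ""
    if token.lower().startswith("dword:"):
        return int(token[6:], 16)
    try:
        return int(token, 10)
    except ValueError:
        return None

def evaluate(report: Report) -> None:
    """Apply the checks a helper makes by eye on this section."""
    if parse_dword(report.values.get((POLICY_KEY, "enablelua"), "")) == 0:
        report.findings.append("UAC disabled: EnableLUA = 0 under policies\\system")
    if parse_dword(report.values.get((SECCENTER_KEY, "antivirusoverride"), "")) == 1:
        report.findings.append("Security Center AV monitoring overridden: AntiVirusOverride = 1")
    for a in report.autostarts:
        if "\\" not in a.command:   # bare image name: which file runs depends on search order
            report.findings.append(f"Autostart {a.name!r} has no full path: {a.command!r}")

def parse_loadpoints(text: str) -> Report:
    """Walk the section line by line; '.', REGEDIT4 and *Note* lines are skipped."""
    report, key = Report(), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group("key")
            continue
        if key is None or not (m := VALUE_RE.match(line)):
            continue
        name, data = m.group("name"), m.group("data")
        report.values[(key.lower(), name.lower())] = data
        if key.lower().endswith("\\run") and (r := RUN_DATA_RE.match(data)):
            report.autostarts.append(Autostart(key, name, r.group("cmd"), r.group("meta") or ""))
    evaluate(report)
    return report

def find_autostart(report: Report, name: str):
    """Case-insensitive lookup of a Run entry by value name; None if absent."""
    return next((a for a in report.autostarts if a.name.lower() == name.lower()), None)

if __name__ == "__main__":
    rep = parse_loadpoints(SAMPLE_LOG)
    for a in rep.autostarts:
        print(f"{a.hive_key}\\{a.name}: {a.command} [{a.meta}]")
    for f in rep.findings:
        print("FINDING:", f)
```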
kevinf80_1d0ac6
1.1K Posts
0
August 10th, 2011 13:00
Due to unforeseen circumstances I will be away from this Forum for approximately two weeks. If another helper wishes to take over your log please follow their instructions.
If you receive no responses within 48 hours of this reply please start a new thread. In your new thread list your current issues and also give a link to this thread so any new helper can see what has been done.
Apologies,
Kevin
parispainter
20 Posts
0
August 22nd, 2011 02:00
Hi Kevin,
I've been away too, so I'm hoping all's well with you and you are back online.
My files are back and there seem to be no viruses, but there are small bugs. All my desktop icons are still underlined. I can't select many files at once (to download photos, for example), and in my Accessories / System Tools, all have disappeared: no defrag, no cleanup, no info. Also, I still have all the logs and programs you had me download. What next?