Perduedslesbois

Honorary Members
Posts: 102
Reputation: 0 Neutral
Location: Canada

  1. Hi. My computer was free. It was a bank that got rid of its old machines. I know that my Windows XP is legal because I don't think companies are using cracked OSes. But I don't have the CD. My friends and I don't have money to spend to buy even old parts... what we have are gifts, or stuff thrown in the recycle bin. So if we can put our hands on a not-so-bad machine like mine, it's like gold! I'm satisfied with what I have, and I take good care of my machine because I know it's used and that someday it will die. I don't use it on hot summer days and I turn it off when I leave. And I will not use it to cook some eggs or bacon, so maybe it will still last for a few more years.
  2. Hi everybody. I'm just a simple girl, poor, a relatively new beginner with computers. I don't know a lot of things about it and I just wrote in this topic because it was saying that poor people using XP will continue to use it because it works fine and does the job; and that's what it is for me. I don't have a diploma in technology, I just speak from my own little experiments; I don't mean to force my ideas.... Good, I'm happy for her. ... Me, I know the Dell company, but Optiplex GX620 is like Chinese for me. I don't say that Windows 7 is not better, I just say that for me and my few friends, we are more satisfied with XP. Like the Chinese in the topic's subject. ?? I'm not sure I understand you well here; I'm sorry, I didn't know we needed to be very precise when we speak about our machines.... I thought that saying the brand name and the kind of processor and its speed was sufficient to give an idea that I don't have a "bomb" of a machine and that I prefer XP (in the China-Windows XP subject). ... But here: IBM ThinkCentre 8187F4F. I caught a virus because I downloaded a FREE game on my computer and turned off my AV when it warned me... I thought it was just making trouble because it was a game. That's how. Now I KNOW about FREE stuff. But before that I NEVER got infected. Disable your AV on a big new machine with a new OS with all the updates and go download free stuff and things from bad sites, and I think you will be infected! Typhoid Mary.... Oh, my bad, I thought it was a chocolate bar! Oh, it's not that I don't like it; I'm poor and my friends too, and we try to do our best with what we have and keep it long term. Here, old IBM and Windows XP are like gold... Go buy me a new powerful machine with a new OS, give it to me and I will gladly take it! We're doing with what we have! Very interesting, this topic; I didn't know the Chinese were using that much XP.
  3. Hi M. Thx for all your help! And the offer if I see infection signs. The computer is running well, but there are a few little things not like before; now I have an SVCHOST.EXE that takes 50-95% when I start the machine. It may last several minutes. I think it appeared in the middle of our process here. I had SVCHOST before, but not taking this much CPU.... Is it ok? My internet seems a little bit slower than before, but maybe it's my AV. Or are there things I need to check somewhere because we reset the internet? Besides that, all seems ok! Hmm, for the tool cleaning, I have done the steps; afterwards there were some leftovers that I removed with install/uninstall. But there is still RKILL, but not listed there.. is it ok if I just throw it in the garbage? ...Thx for all the reading you gave me! I like to learn about computers! And last question, what do you think if I encrypt my Windows files with the tool in Windows? Will I be more protected from malware modifying my files? Bye bye, thx for all your PATIENCE!
  4. Hi M. Yeah, it's very weird to not be able to remove an AV, I think. Thanks for trying. (Do you know why this Avira does that?) Like I said, I think the computer is ok, seems to run well; thanks for your help. If we are done, I'll just ask for a little help to remove all the tools we used.
  5. Hi M. Here the log: ComboFix 13-09-06.01 - home 2013-09-07 23:03:40.8.2 - x86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.2015.1594 [GMT -4:00]
  6. Hehe, I've done some research and it looks like it's ComboFix that put that on the computer.... sorry for the earlier question.
  7. Hi M. Just a question: I always take a quick look at the results, and what is that in the one month created files and folders?:
     2013-08-19 02:40 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
     2013-08-19 02:40 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
     2013-08-19 02:40 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
     The dates are weird and I never heard about SteelWerX. Thx, waiting for your instructions.
  8. Hi M. Here the FRST log: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2013 02 Ran by home (administrator) on IBMCAMRESEAU on 07-09-2013 10:00:30 Running from C:\Documents and Settings\home\Bureau Microsoft Windows XP Professionnel Service Pack 3 (X86) OS Language: French Standard Internet Explorer Version 8 Boot Mode: Normal
C:\cmdcons 2013-08-19 02:28 - 2013-08-19 02:27 - 00002776 _____ C:\Documents and Settings\home\Bureau\Rkill.txt 2013-08-19 02:27 - 2013-08-19 02:27 - 01898112 _____ (Bleeping Computer, LLC) C:\Documents and Settings\home\Bureau\rkill.exe 2013-08-19 01:52 - 2011-03-30 11:41 - 00000000 ___HD C:\Documents and Settings\home\Voisinage réseau 2013-08-18 21:35 - 2013-08-18 20:35 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2013-08-16 16:40 - 2013-08-16 16:40 - 00000000 ___RD C:\Documents and Settings\home\Mes documents\Mes vidéos 2013-08-16 16:06 - 2013-08-16 15:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium 2013-08-16 15:49 - 2011-03-30 10:55 - 00000000 ____D C:\WINDOWS\Registration 2013-08-16 15:49 - 2011-03-30 05:23 - 00000000 ____D C:\WINDOWS\repair 2013-08-16 15:42 - 2013-08-16 15:41 - 00000000 ____D C:\WINDOWS\system32\NtmsData 2013-08-16 15:31 - 2013-08-16 15:30 - 00000000 ____D C:\Documents and Settings\home\Mes documents\Macrium 2013-08-16 15:06 - 2013-08-16 15:06 - 00688992 ____R (Swearware) C:\Documents and Settings\home\Bureau\dds.com 2013-08-14 14:45 - 2013-04-12 19:32 - 00000000 ____D C:\Eric 2013-08-08 12:14 - 2013-08-07 01:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Big Fish 2013-08-08 12:14 - 2013-08-07 01:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BigFishCache 2013-08-08 05:07 - 2013-08-08 03:34 - 00331324 _____ C:\Documents and Settings\home\Mes documents\Layout.ini ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe [2004-08-05 08:00] - [2008-04-13 20:34] - 0512000 ____A (Microsoft Corporation) dd73d6b9f6b4cb630cf35b438b540174 C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll [2004-08-05 08:00] - [2008-04-13 20:33] - 0579584 ____A (Microsoft Corporation) e853f84d3ce2faa2a802e33cf89ac023 
C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================
9. Hi M. I ran ComboFix and it was about to reboot the computer, but it froze while the desktop had disappeared; the machine looked lost in a "loop". I waited more than 20 minutes and finally shut down the machine manually. It scared me because it never happened before with my computer! But at startup all seems OK and ComboFix produced the log, here:

ComboFix 13-09-06.01 - home 2013-09-06 22:23:50.7.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.2015.1641 [GMT -4:00]
Running from: c:\documents and settings\home\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\home\Bureau\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\docume~1\home\LOCALS~1\APPLIC~1\ASKTOO~2\DOWNLO~1\AVIRAT~1.DLL"
"c:\documents and settings\home\Local Settings\Application Data\AskToolbar\Downloaded Program Files\AviraTrans.dll"
"c:\documents and settings\home\Local Settings\temp\java_install_reg.log"
"c:\documents and settings\home\Recent\avira_registry_cleaner_en.zip.lnk"
"c:\documents and settings\home\Recent\FIXAVIRA.lnk"
"c:\documents and settings\home\Recent\java.JPG.lnk"
"c:\frst\Quarantine\Avira\AntiVir Desktop\avgntflt.inf"
"c:\windows\Prefetch\JAVAW.EXE-2DC32ABC.pf"
"c:\windows\system32\deployJava1.dll"
"c:\windows\system32\drivers\avgntflt.sys"
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Avira
c:\documents and settings\All Users\Application Data\Avira(2)
c:\documents and settings\All Users\Application Data\Avira(2)\AntiVir Desktop(2)\EVENTDB(2)\avevtdb.dbe
c:\documents and settings\All Users\Application Data\Avira(2)\AntiVir Desktop(2)\LOGFILES(2)\sched.log
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\CONFIG\avwin.ini
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\avevtdb.dbe
c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES\sched.log
c:\documents and settings\home\Application Data\Avira
c:\windows\Sun
.
.
((((((((((((((((((((((((((((( Files Created from 2013-08-07 to 2013-09-07 ))))))))))))))))))))))))))))))))))))
.
.
2013-09-02 08:54 . 2013-09-02 08:54 -------- d-----w- c:\documents and settings\home\Application Data\Comodo
2013-09-02 08:21 . 2013-09-02 08:21 -------- d-----w- c:\program files\Fichiers communs\COMODO
2013-09-02 08:08 . 2013-09-07 03:03 248001 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-09-02 08:06 . 2013-09-02 08:07 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-09-02 07:13 . 2013-09-02 07:13 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\COMODO
2013-09-02 07:13 . 2013-09-02 07:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-09-02 07:10 . 2013-09-02 07:10 48392 ----a-w- c:\windows\system32\certsentry.dll
2013-09-02 07:07 . 2013-09-02 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-08-28 16:30 . 2013-08-28 16:30 -------- d--h--w- c:\windows\PIF
2013-08-20 02:25 . 2013-08-20 02:29 -------- d-----w- c:\program files\ERUNT
2013-08-19 07:47 . 2013-08-25 21:28 -------- d-----w- C:\FRST
2013-08-19 00:35 . 2013-08-19 01:35 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-08-16 20:10 . 2013-08-16 20:10 -------- d-----w- c:\windows\Logs
2013-08-16 19:41 . 2013-08-16 19:42 -------- d-----w- c:\windows\system32\NtmsData
2013-08-16 19:34 . 2013-08-16 19:34 -------- d-----w- C:\boot
2013-08-16 19:34 . 2013-08-28 16:34 -------- d-----w- c:\program files\Macrium
2013-08-16 19:27 . 2013-08-16 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-09 01:59 . 2013-07-09 01:59 587352 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-06-28 20:02 . 2013-06-28 20:02 16504 ----a-w- c:\windows\system32\drivers\pssnap.sys
2013-06-18 20:16 . 2013-06-18 20:16 99520 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 20:16 . 2013-06-18 20:16 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 20:16 . 2013-06-18 20:16 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 20:15 . 2013-06-18 20:15 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 20:15 . 2013-06-18 20:15 348584 ----a-w- c:\windows\system32\guard32.dll
2013-06-18 20:15 . 2013-06-18 20:15 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-06-18 20:15 . 2013-06-18 20:15 278232 ----a-w- c:\windows\system32\cmdvrt32.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-09-30 1740288]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2012-05-30 1842384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-09 1464536]
"gbrspcontrol"="c:\program files\Fichiers communs\COMODO\GeekBuddyRSP.exe" [2013-05-30 1851088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-7-24 49360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Fichiers communs\Comodo\GeekBuddyRSP.exe"= c:\program files\Fichiers communs\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
.
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [07/05/2013 03:00 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [18/06/2013 16:16 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [08/07/2013 21:59 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [18/06/2013 16:16 32816]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Fichiers communs\COMODO\launcher_service.exe [24/07/2013 08:50 70352]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [01/08/2013 07:20 2095808]
R2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files\Fichiers communs\COMODO\GeekBuddyRSP.exe [30/05/2013 08:47 1851088]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [30/03/2011 12:09 109728]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [08/04/2013 19:47 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/04/2013 19:47 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/04/2013 19:47 701512]
S3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [30/03/2011 11:44 24424]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [18/06/2013 16:15 127192]
S3 WIMMount;WIMMount;\??\c:\program files\Macrium\Reflect\wimmount.sys --> c:\program files\Macrium\Reflect\wimmount.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-07 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-07 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-07 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-07 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-07 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2013-04-10 21:24]
.
2013-09-07 c:\windows\Tasks\ProgramRefresh-ATFST.job
- c:\program files\File Type Assistant\TSASetup.exe [2013-04-10 01:18]
.
2013-09-07 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2013-04-10 17:09]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 24.201.245.77 24.200.0.1 24.53.0.2
TCP: Interfaces\{E09B6166-8D26-46DF-B5DC-F2814CD3551F}: NameServer = 156.154.70.25,156.154.71.25
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-06 23:04
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification: ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-YKNE-76RZ-ZWT9-D88T-YNWW-P4V9WWS"
"Activated"="N"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(2264)
c:\windows\system32\guard32.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\program files\Atomic Alarm Clock\Clock.dll
c:\windows\system32\webcheck.dll
.
- - - - - - - > 'csrss.exe'(696)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Comodo\GeekBuddy\unit_manager.exe
c:\program files\Comodo\GeekBuddy\unit.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\COMODO\COMODO Internet Security\cis.exe
.
**************************************************************************
.
Completion time: 2013-09-06 23:08:27 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-07 03:08
ComboFix2.txt 2013-09-04 03:30
ComboFix3.txt 2013-09-04 02:12
ComboFix4.txt 2013-09-02 09:37
ComboFix5.txt 2013-09-07 02:20
.
Pre-Run: 26 326 577 152 bytes free
Post-Run: 26 328 424 448 bytes free
.
- - End Of File - - 9DF50BBD65023C2992CEFCD71647693C
C99C3199CFAA4CBDCD91493F6D113A50
10. Hi M. ... Awww, it was just wasting your time and mine, posting a pointless message!.. I continued to try the scan again and again and finally it worked! So, here: And I am very happy to learn that my sites don't need Java. I play mostly games and I thought I needed it. But I am surprised about my internet company... ..Oh, and do you have a link where I can learn what JavaScript is? And the difference between them? Thx. Waiting for your instructions. SystemLook.txt
11. My my!! PROBLEM again!..... I removed Java and rebooted the computer. I tried to run the system scan: error. So I replaced it with a new download: error. So I put the system exe and the system txt in the garbage, to start fresh. So I freshly downloaded the system scan and tried again to run it: ERROR! So now, after a few seconds, there is always an error message when I run it, so I am unable to do the scan. It says that Windows had a problem running the program and needs to close. And! If I search for the word java, there is still plenty of stuff.. is that normal?
12. Hi M. Thx for this answer. O no, I am not a fan of Java! I don't know this program very well (hehe, nor the difference with JavaScript) and I read here in other posts that this program is not good with security problems; that is why I asked you if it was OK to remove it. I am very surprised about what you said, and happy to learn that sites which require it can be bad! But you know what? The first time I got Java on my computer was because of my internet company! O.O I needed it to go on their site! Wow, it doesn't make me confident about them! Is there any program to replace Java? Cause I am not a big net surfer, but I think most of my sites need it. Thanks for helping me with my sites list! Here:
videotron.com (my internet cable company)
youtube.com
dailymotion.com
miniclip.com (one of my favorites! Go there each day!)
wizard101.com
gsn.com
google.ca (search browser)
....and now here! And security-x.fr
..and other sites when I do some research, but now I know that it's not good to go where they ask to have Java! .. Do I need to run the System scan again?
13. Hi M. First of all, I'm sorry but I forgot to tell you that I did not remove Java from my computer yet, because I know that a lot of sites use it. And you did not specifically mention a problem with this program on my computer.... so I hope you did not write it in the search because you were wondering why there are still Java files showing. If so, I am really sorry! (There are a lot of them!) And I don't know if this report will show all the Avira stuff, but I wanted to tell you that the mini driver I told you about in my system32 was just one example among many; I have other Avira files in my system32 with other names too. Here: P.S. Do you want me to scan the system again without asking for Java stuff? It will be easier for you to read the report... SystemLook.txt
14. Hi M. I can't delete the registry keys like before. And I can't delete the avgntflt.sys.. it says: "ERROR ACCESS DENIED. Check whether the disk is full or write-protected and that the file is not currently in use". I find it weird that I have Avira stuff in my system32! Thx again and good night, I'll be back tomorrow.
15. Hi M. I rebooted and ran ComboFix, no warning this time about Avira! Afterwards I went to look in the registry and the Avira AntiVir Desktop keys are still there. But I did a search for AVg and no keys were found, it seems. I don't see Avira in Program Files but there are some in Windows/system32/drivers.... for example, "avgntflt.sys", and it says it's an Avira minifilter driver... Here are the ComboFix results:

ComboFix 13-09-02.02 - home 2013-09-03 23:13:30.6.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.2015.1468 [GMT -4:00]
Running from: c:\documents and settings\home\Bureau\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((( Files Created from 2013-08-04 to 2013-09-04 ))))))))))))))))))))))))))))))))))))
.
.
2013-09-02 08:54 . 2013-09-02 08:54 -------- d-----w- c:\documents and settings\home\Application Data\Comodo
2013-09-02 08:21 . 2013-09-02 08:21 -------- d-----w- c:\program files\Fichiers communs\COMODO
2013-09-02 08:08 . 2013-09-04 01:44 95792 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-09-02 08:06 . 2013-09-02 08:07 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-09-02 07:13 . 2013-09-02 07:13 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\COMODO
2013-09-02 07:13 . 2013-09-02 07:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-09-02 07:10 . 2013-09-02 07:10 48392 ----a-w- c:\windows\system32\certsentry.dll
2013-09-02 07:07 . 2013-09-02 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-08-28 16:30 . 2013-08-28 16:30 -------- d--h--w- c:\windows\PIF
2013-08-20 02:25 . 2013-08-20 02:29 -------- d-----w- c:\program files\ERUNT
2013-08-19 07:47 . 2013-08-25 21:28 -------- d-----w- C:\FRST
2013-08-19 00:35 . 2013-08-19 01:35 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-08-16 20:10 . 2013-08-16 20:10 -------- d-----w- c:\windows\Logs
2013-08-16 19:41 . 2013-08-16 19:42 -------- d-----w- c:\windows\system32\NtmsData
2013-08-16 19:34 . 2013-08-16 19:34 -------- d-----w- C:\boot
2013-08-16 19:34 . 2013-08-28 16:34 -------- d-----w- c:\program files\Macrium
2013-08-16 19:27 . 2013-08-16 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2013-08-08 01:11 . 2013-08-08 01:33 -------- d-----w- c:\documents and settings\home\Local Settings\Application Data\Brain Games Mahjongg Files
2013-08-08 00:55 . 2013-08-08 00:55 -------- d-----w- c:\documents and settings\home\Application Data\pixelStorm
2013-08-07 16:43 . 2013-08-07 16:43 -------- d-----w- c:\documents and settings\home\Local Settings\Application Data\JollyBear
2013-08-07 16:43 . 2013-08-07 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
2013-08-07 16:29 . 2013-08-07 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Casual Box
2013-08-07 14:47 . 2013-08-07 14:47 -------- d-----w- c:\documents and settings\home\Saved Games
2013-08-07 05:05 . 2013-08-07 05:05 -------- d-----w- c:\documents and settings\home\Application Data\AlawarEntertainment
2013-08-07 05:02 . 2013-08-08 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish
2013-08-07 05:01 . 2013-08-07 05:02 -------- d-----w- c:\documents and settings\home\Local Settings\Application Data\Big Fish
2013-08-07 05:01 . 2013-08-08 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishCache
2013-08-07 04:13 . 2013-08-07 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Solid State Networks
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-09 01:59 . 2013-07-09 01:59 587352 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-06-28 20:02 . 2013-06-28 20:02 16504 ----a-w- c:\windows\system32\drivers\pssnap.sys
2013-06-18 20:16 . 2013-06-18 20:16 99520 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 20:16 . 2013-06-18 20:16 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 20:16 . 2013-06-18 20:16 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 20:15 . 2013-06-18 20:15 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 20:15 . 2013-06-18 20:15 348584 ----a-w- c:\windows\system32\guard32.dll
2013-06-18 20:15 . 2013-06-18 20:15 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-06-18 20:15 . 2013-06-18 20:15 278232 ----a-w- c:\windows\system32\cmdvrt32.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-09-30 1740288]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2012-05-30 1842384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-09 1464536]
"gbrspcontrol"="c:\program files\Fichiers communs\COMODO\GeekBuddyRSP.exe" [2013-05-30 1851088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2013-7-24 49360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Fichiers communs\Comodo\GeekBuddyRSP.exe"= c:\program files\Fichiers communs\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
.
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [07/05/2013 03:00 36112]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [18/06/2013 16:16 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [08/07/2013 21:59 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [18/06/2013 16:16 32816]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Fichiers communs\COMODO\launcher_service.exe [24/07/2013 08:50 70352]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [01/08/2013 07:20 2095808]
R2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files\Fichiers communs\COMODO\GeekBuddyRSP.exe [30/05/2013 08:47 1851088]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [30/03/2011 12:09 109728]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [08/04/2013 19:47 418376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/04/2013 19:47 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/04/2013 19:47 701512]
S3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [30/03/2011 11:44 24424]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\Comodo\COMODO Internet Security\cmdvirth.exe [18/06/2013 16:15 127192]
S3 WIMMount;WIMMount;\??\c:\program files\Macrium\Reflect\wimmount.sys --> c:\program files\Macrium\Reflect\wimmount.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-04 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-04 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-04 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-04 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-07-09 01:59]
.
2013-09-04 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2013-04-10 21:24]
.
2013-08-31 c:\windows\Tasks\ProgramRefresh-ATFST.job
- c:\program files\File Type Assistant\TSASetup.exe [2013-04-10 01:18]
.
2013-09-04 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2013-04-10 17:09]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 24.201.245.77 24.200.0.1 24.53.0.2
TCP: Interfaces\{E09B6166-8D26-46DF-B5DC-F2814CD3551F}: NameServer = 156.154.70.25,156.154.71.25
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-03 23:25
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification: ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-YKNE-76RZ-ZWT9-D88T-YNWW-P4V9WWS"
"Activated"="N"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'explorer.exe'(3592)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\MPR.dll
.
- - - - - - - > 'csrss.exe'(696)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2013-09-03 23:30:07
ComboFix-quarantined-files.txt 2013-09-04 03:29
ComboFix2.txt 2013-09-04 02:12
ComboFix3.txt 2013-09-02 09:37
ComboFix4.txt 2013-08-23 16:02
ComboFix5.txt 2013-09-04 03:11
.
Pre-Run: 26 312 962 048 bytes free
Post-Run: 26 324 889 600 bytes free
.
- - End Of File - - 3FC8E4EE9E3CBDFF6EFAAA2288B12785
C99C3199CFAA4CBDCD91493F6D113A50

Thx again for your help!
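Editor's note, added to this page and not part of the thread or of the ComboFix, Malwarebytes or Comodo tools: the two ComboFix reports above contain the items a helper reads first, and they are the same in both runs. The standard firewall profile shows "EnableFirewall"= 0 (expected when a third-party firewall such as COMODO's has taken over, but it should be confirmed rather than assumed), one interface carries a static NameServer pair (156.154.70.25, 156.154.71.25) that differs from the DHCP-assigned servers, and catchme reports an NTDLL hook on ZwClose while COMODO's guard32.dll is loaded into every process listed, which makes a security product the likely source of that hook. The script below is an illustration of how such a report can be triaged automatically. It assumes the English ComboFix section wording (the posted logs come from a French build), assumes a single system drive C:, and its SAMPLE_LOG is a constructed excerpt: the first two Run entries, the firewall, DNS and catchme lines are copied from the posted logs, while the third Run entry (upd.exe under Local Settings\Temp) is invented to exercise the user-profile check and did not appear in the thread.

```python
"""Triage helper for ComboFix log excerpts (added example, not tool code)."""
import re

# Constructed sample. Everything except the "Updater" line is copied from the
# ComboFix reports posted in this thread; the "Updater" entry is invented so
# that the user-profile check below has something to flag.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-09 1464536]
"Updater"="c:\documents and settings\home\Local Settings\Temp\upd.exe" [2013-09-01 12345]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
TCP: DhcpNameServer = 24.201.245.77 24.200.0.1 24.53.0.2
TCP: Interfaces\{E09B6166-8D26-46DF-B5DC-F2814CD3551F}: NameServer = 156.154.70.25,156.154.71.25
.
detected NTDLL code modification: ZwClose
"""

SECTION_RE = re.compile(r"^\[(HK[^\]]+)\]$")
AUTORUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
DHCP_DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
IFACE_DNS_RE = re.compile(r"^TCP: Interfaces\\(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$")
NTDLL_RE = re.compile(r"^detected NTDLL code modification:\s*(\w*)$")

# Run entries under these prefixes are unremarkable; anything else (a user
# profile, Temp, the root of the drive) deserves a look. Assumes drive C:.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def parse_combofix(text):
    """Pull autoruns, firewall policy, DNS settings and catchme hooks out of a report."""
    found = {"autoruns": [], "firewall_enabled": None, "dhcp_dns": [],
             "iface_dns": {}, "ntdll_mods": []}
    section = None
    expect_ntdll_name = False          # catchme may print the hooked export on the next line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":    # ComboFix separates blocks with lone dots
            continue
        if expect_ntdll_name:
            found["ntdll_mods"].append(line)
            expect_ntdll_name = False
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = AUTORUN_RE.match(line)
        if m and section and section.lower().endswith("\\run"):
            name, path, date, size = m.groups()
            found["autoruns"].append({"key": section, "name": name, "path": path,
                                      "date": date, "size": int(size)})
            continue
        m = FIREWALL_RE.match(line)
        if m:
            found["firewall_enabled"] = m.group(1) != "0"
            continue
        m = DHCP_DNS_RE.match(line)
        if m:
            found["dhcp_dns"] = m.group(1).split()
            continue
        m = IFACE_DNS_RE.match(line)
        if m:
            found["iface_dns"][m.group(1)] = [s.strip() for s in m.group(2).split(",")]
            continue
        m = NTDLL_RE.match(line)
        if m:
            if m.group(1):
                found["ntdll_mods"].append(m.group(1))
            else:
                expect_ntdll_name = True
    return found


def triage(found):
    """Turn parsed findings into the short list a helper would act on."""
    flags = []
    if found["firewall_enabled"] is False:
        flags.append("Windows Firewall (standard profile) is disabled: EnableFirewall=0; "
                     "acceptable only if a third-party firewall is confirmed active")
    for entry in found["autoruns"]:
        if not entry["path"].lower().startswith(TRUSTED_PREFIXES):
            flags.append('Run entry "%s" starts %s from outside Windows/Program Files'
                         % (entry["name"], entry["path"]))
    dhcp = set(found["dhcp_dns"])
    for iface, servers in found["iface_dns"].items():
        if dhcp and set(servers) != dhcp:
            flags.append("interface %s overrides the DHCP DNS servers with %s; "
                         "confirm which product or person configured it" % (iface, ", ".join(servers)))
    for fn in found["ntdll_mods"]:
        flags.append("catchme reports an NTDLL hook on %s; identify the product that installed "
                     "it (security suites hook here too) before calling it a rootkit" % fn)
    return flags


if __name__ == "__main__":
    for flag in triage(parse_combofix(SAMPLE_LOG)):
        print("-", flag)
```

Run against the sample it prints four findings: the disabled firewall profile, the invented Temp autorun, the DNS override and the ZwClose hook. The two Run entries that are really in the posted logs are not flagged, which is the point of the prefix heuristic: the tool narrows a 200-line report to the handful of lines that need a human decision, it does not make that decision.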