Infection by 007guard

Solved
Sofia37 Posted messages 604 Status Member -  
Hello,
I noticed recently that my internet speed is slow!
Suspecting that a third party was using my bandwidth, I ran "netstat" in the command prompt... and it displayed several connections, on various ports, to a certain www.007guard.com

I was helped recently with a Bagle disinfection, but my connection still went down from 6 to 1 mg

There you go; thank you in advance for your reply.
Configuration: Windows XP Internet Explorer 7.0

13 answers

  1. Anonymous user
     
    Hi Gen, Sofia

    * You won't be able to download USBfix because Chiquitine needs to review the tool!

    * See the CCMistes desktop --> messages from V_X
    1
  2. gen-hackman
     
    Hello:

    Download Smitfraudfix by S!Ri:

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    Unzip the archive
    Run it by double-clicking on Smitfraudfix.cmd
    Press any key to continue
    At the command prompt, type the letter L to switch the fix to French
    In the menu, choose option 4 then 1: Search
    Post the generated report
    --
    Be careful with keygens and cracks, Bagle resides there
    Remember to mark as resolved for others. Thank you
    -----g3и-н@¢км@и-----
    0
  3. Sofia37 Posted messages 604 Status Member 39
     
    Thank you for helping me again gen-hackman,

    Here is the report:

    SmitFraudFix v2.391

    Report made at 15:51:56.95, 20/01/2009
    Executed from C:\Documents and Settings\Sophie\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    The file system type is NTFS
    Fix executed in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ActivBoard\ABoard.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\ActivBoard\AOSD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Wireless 802.11g Monitor\WLService.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    Corrupted hosts file!

    127.0.0.1 www.legal-at-spybot.info
    127.0.0.1 legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sophie

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sophie\LOCALS~1\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sophie\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sophie\Favorites

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Google\googletoolbar1.dll PRESENT!

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop items

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, the following keys are not necessarily infected!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, the following keys are not necessarily infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, the following keys are not necessarily infected!!!

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, the following keys are not necessarily infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, the following keys are not necessarily infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, the following keys are not necessarily infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, the following keys are not necessarily infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, the following keys are not necessarily infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Fast Ethernet PCI Realtek RTL8139 Network Card - Packet scheduling miniport
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4BEBBCAD-991B-432B-8814-833C2734FBAB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{80093F01-0A16-4878-9174-BEA57A6CFEEB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{1F5A37B1-973F-451D-9430-518761143B3E}: NameServer=213.36.80.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E52C6DFF-658B-4AF1-B921-0172BD6FB93E}: NameServer=213.36.80.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{4BEBBCAD-991B-432B-8814-833C2734FBAB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{80093F01-0A16-4878-9174-BEA57A6CFEEB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection search

    »»»»»»»»»»»»»»»»»»»»»»»» End
    0
  4. gen-hackman
     
    Cleaning:
    Start in safe mode:
    To do this, tap the F8 key repeatedly, without stopping, as soon as you turn on the PC.
    A window will open; use the arrow keys to select "Safe Mode", then press Enter.
    Once on the desktop, if the colours and other things are missing, that's normal!
    (If F8 doesn't work, use the F5 key.)

    ----------------------------------------------------------------------------
    Restart the Smitfraud program,
    This time choose option 2, answer yes to all;
    Save the report,
    Restart in normal mode,
    copy/paste the saved report on the forum

    process.exe
    is detected by some antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (Antivirus, Firewall...) hence the alert issued by these antivirus programs.

    Then:

    Download Random's System Information Tool (RSIT) from random/random and save the executable to your Desktop.

    -> http://images.malwareremoval.com/random/RSIT.exe

    ! Log out and close all applications you are currently using!

    Double-click on "RSIT.exe" to launch it.

    -> A first window opens with the title: "Disclaimer of warranty".

    * In front of the option "List files/folders created ...", choose: 2 months

    * then click on "Continue" to start the scan ...

    -> let the scan run and do not touch the PC ...

    When the scan is finished, two text files will open (probably with Notepad).

    Post the contents of "log.txt" (the one that appears on the screen), as well as "info.txt" (which you will see in the taskbar), for analysis and wait for the next steps ...

    Important: post one report, then the other in the next reply
    If you try to post both at the same time, it may be too long for the forum

    (Note: the reports will also be saved in this folder -> C:\rsit)

    --
    Be careful with keygens and cracks, Bagle lives there
    Remember to mark it as resolved for others. Thank you
    -----g3и-н@¢км@и-----
    0
  5. Sofia37 Posted messages 604 Status Member 39
     
    Here is the SmitFraudFix report in safe mode:

    SmitFraudFix v2.391

    Report made at 18:12:16,15, 20/01/2009
    Executed from C:\Documents and Settings\Sophie\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    The file system type is NTFS
    Fix executed in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Warning, the following keys are not necessarily infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Stopping processes

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    ...

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\Program Files\Google\googletoolbar1.dll deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4BEBBCAD-991B-432B-8814-833C2734FBAB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{80093F01-0A16-4878-9174-BEA57A6CFEEB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{1F5A37B1-973F-451D-9430-518761143B3E}: NameServer=213.36.80.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E52C6DFF-658B-4AF1-B921-0172BD6FB93E}: NameServer=213.36.80.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{4BEBBCAD-991B-432B-8814-833C2734FBAB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{80093F01-0A16-4878-9174-BEA57A6CFEEB}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temporary Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Warning, the following keys are not necessarily infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Cleaning completed.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Warning, the following keys are not necessarily infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End

    I no longer have Google in Internet Explorer. I ran netstat again and I still see 007guard, as well as IP addresses like 65.55.xxxxxxx and 213.199.xxxxxx

    I am now continuing with Random's System Information Tool.
    0
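The two observations above (the "hosts" section of the SmitFraudFix reports in replies 3 and 5, and the netstat output that still names 007guard after the immunization entries were written) call for the same check, so here is one added example that covers both. It is not code from the thread or from SmitFraudFix, HostsXpert or RSIT; every input in it is constructed: the hosts lines are modelled on the report's section (plus one invented redirect entry to a non-loopback address, which the report did not contain) and the netstat lines imitate a generic `netstat -an` listing with documentation-range addresses standing in for the real remote IPs. It parses the hosts file, separates loopback "sinkhole" entries (a name that resolves to 127.0.0.1 simply stops reaching anything) from entries that redirect a name elsewhere (the case worth investigating), reports what a "restore the Microsoft hosts file" step would remove, and shows why a loopback connection can appear under a name such as www.007guard.com when netstat is run without `-n`: netstat reverse-resolves each address, the hosts file takes part in that, and with many names mapped to 127.0.0.1 any one of them can be printed. The last function reads a numeric listing and keeps only connections to addresses outside the loopback and private ranges, which is where the remaining traffic question belongs.

```python
"""Hosts-file triage and a netstat sanity check (added example; all data constructed)."""
import ipaddress

# Constructed hosts file: the stock localhost line, a few immunization-style
# entries sinkholed to loopback (the pattern in the report), and one invented
# entry that redirects a name to a non-loopback address (not in the report).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
203.0.113.45 www.example-bank.test    # constructed redirect entry
"""

# Constructed "netstat -an" output; -n prints numeric addresses, so the hosts
# file plays no part in what is shown. Remote addresses are documentation ranges.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED
  TCP    127.0.0.1:1026         127.0.0.1:1025         ESTABLISHED
  TCP    192.168.1.5:1031       203.0.113.10:80        ESTABLISHED
  TCP    192.168.1.5:1040       198.51.100.7:443       CLOSE_WAIT
  UDP    0.0.0.0:445            *:*
"""

DEFAULT_ENTRY = ("127.0.0.1", "localhost")
# Ranges treated as "not external" here; documentation ranges are deliberately
# left out so the constructed sample counts as external traffic.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8")]


def parse_hosts(text):
    """(ip, hostname) pairs in file order; comments and blank lines are skipped
    and a line may list several names after its address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.lower()) for name in names)
    return entries


def classify(entries):
    """Loopback sinkholes versus redirects to some other address."""
    sinkhole, redirect = [], []
    for ip, name in entries:
        target = sinkhole if ipaddress.ip_address(ip).is_loopback else redirect
        target.append((ip, name))
    return sinkhole, redirect


def non_default_entries(entries):
    """Everything a 'restore the Microsoft hosts file' step would drop."""
    return [e for e in entries if e != DEFAULT_ENTRY]


def addresses_for(entries, name):
    return [ip for ip, n in entries if n == name.lower()]


def netstat_name_is_loopback_alias(entries, shown_name):
    """True when the name netstat printed is mapped only to loopback in this
    hosts file: the connection it labels was to the machine itself, and the
    name is an artefact of reverse resolution, not evidence of traffic to it."""
    addrs = addresses_for(entries, shown_name)
    return bool(addrs) and all(ipaddress.ip_address(a).is_loopback for a in addrs)


def external_connections(netstat_text):
    """(proto, local, foreign, state) for non-listening sockets whose foreign
    address lies outside LOCAL_NETS; wildcard '*:*' entries are skipped."""
    result = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[:3]
        state = parts[3] if len(parts) > 3 else ""
        host = foreign.rpartition(":")[0]
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue
        if state != "LISTENING" and not any(addr in net for net in LOCAL_NETS):
            result.append((proto, local, foreign, state))
    return result


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    sink, redir = classify(hosts)
    print(f"{len(sink)} loopback sinkhole entries; redirects to check: {redir}")
    print("www.007guard.com only maps to loopback:",
          netstat_name_is_loopback_alias(hosts, "www.007guard.com"))
    for conn in external_connections(SAMPLE_NETSTAT):
        print("external:", *conn)
```

Run as-is it reports six sinkhole entries, the one constructed redirect, and the two connections to non-local addresses. On a real machine the hosts file is read from `%SystemRoot%\system32\drivers\etc\hosts` and the listing comes from `netstat -an`; the numeric form is the one to compare against, because it is the name resolution step that introduces the misleading label.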
  6. gen-hackman
     
    Download HostsXpert to your Desktop:
    http://www.funkytoad.com/download/HostsXpert.zip

    ---> Extract it (Right-click >> Extract here)

    ---> Double-click on HostsXpert to launch it

    ---> Click on the "Restore MS Hosts File" button and then close the program

    PS: Before clicking on the "Restore MS Hosts File" button, make sure the padlock in the top left is open; otherwise, you will get an error message.

    --
    Beware of keygens and cracks, Bagle resides there
    Please remember to mark as resolved for others. Thank you
    -----g3и-н@¢ко-----
    0
  7. Sofia37 Posted messages 604 Status Member 39
     
    Here are the reports from RSIT:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Sophie at 2009-01-20 19:08:37
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 24 GB (69%) free of 35 GB
    Total RAM: 1023 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:08:42, on 20/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ActivBoard\ABoard.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\ActivBoard\AOSD.exe
    C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Wireless 802.11g Monitor\WLService.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Documents and Settings\Sophie\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Sophie.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ActivBoard] C:\Program Files\ActivBoard\ABoard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F5A37B1-973F-451D-9430-518761143B3E}: NameServer = 213.36.80.1
    O23 - Service: ABBYY FineReader 9.0 License Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 9613 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Maintenance en 1 clic.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-16 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-16 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-16 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824]
    "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
    "EPSON Stylus DX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE [2005-02-08 98304]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
    "ActivBoard"=C:\Program Files\ActivBoard\ABoard.exe [2003-05-02 24576]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-16 136600]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2009-01-15 171448]
    "Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2009-01-02 3399727]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-06-07 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\devolo\informer\devinf.exe"="C:\Program Files\devolo\informer\devinf.exe:*:Enabled:devolo Informer"
    "C:\Program Files\devolo\easyshare\easyshare.exe"="C:\Program Files\devolo\easyshare\easyshare.exe:*:Enabled:devolo EasyShare"
    "C:\Program Files\Cyberlink\PowerCinema\PowerCinema.exe"="C:\Program Files\Cyberlink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
    "C:\Program Files\Cyberlink\PowerCinema\PCMService.exe"="C:\Program Files\Cyberlink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffcb7d3a-f820-11dc-afaa-0013d3b6857b}]
    shell\Auto\command - cmd /C launch.bat
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    ======File associations======

    .reg - edit -
    .reg - open -

    ======List of files/folders created in the last 2 months======

    2009-01-20 19:08:37 ----D---- C:\rsit
    2009-01-20 17:45:58 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-01-20 15:45:00 ----A---- C:\WINDOWS\system32\o4Patch.exe
    2009-01-20 15:45:00 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
    2009-01-20 14:41:57 ----D---- C:\Documents and Settings\Sophie\Application Data\Grisoft
    2009-01-20 13:09:42 ----D---- C:\Program Files\Exterminate It!
    2009-01-20 12:59:16 ----A---- C:\WINDOWS\system32\WS2Fix.exe
    2009-01-20 12:59:16 ----A---- C:\WINDOWS\system32\VACFix.exe
    2009-01-20 12:59:16 ----A---- C:\WINDOWS\system32\IEDFix.exe
    2009-01-20 12:59:16 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
    2009-01-20 12:59:16 ----A---- C:\WINDOWS\system32\404Fix.exe
    2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\VCCLSID.exe
    2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\swxcacls.exe
    2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\swsc.exe
    2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\swreg.exe
    2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\SrchSTS.exe
    2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\Process.exe
    2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\dumphive.exe
    2009-01-19 19:10:28 ----HD---- C:\{2426F42A-20BE-4F19-A8A5-640920671123}
    2009-01-19 17:06:55 ----HD---- C:\WINDOWS\PIF
    2009-01-19 17:04:42 ----D---- C:\Program Files\ma-config.com
    2009-01-19 17:04:42 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
    2009-01-17 20:38:30 ----D---- C:\Program Files\ToniArts
    2009-01-17 20:34:27 ----D---- C:\Documents and Settings\Sophie\Application Data\Free Download Manager
    2009-01-17 20:34:24 ----D---- C:\Program Files\Free Download Manager
    2009-01-17 18:21:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-01-17 18:08:24 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2009-01-17 18:08:23 ----D---- C:\Program Files\NOS
    2009-01-16 20:16:11 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-01-16 20:16:11 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-01-16 20:16:11 ----A---- C:\WINDOWS\system32\java.exe
    2009-01-16 20:15:49 ----D---- C:\Program Files\Java
    2009-01-16 13:31:07 ----D---- C:\Program Files\CCleaner
    2009-01-16 12:35:07 ----A---- C:\TCleaner.txt
    2009-01-16 11:46:26 ----A---- C:\PureRa.txt
    2009-01-14 11:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-01-14 09:21:55 ----D---- C:\Program Files\QUAD Utilities
    2009-01-13 21:05:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-01-13 17:04:11 ----D---- C:\Program Files\Trend Micro
    2009-01-13 12:54:11 ----D---- C:\Program Files\Wireless 802.11g Monitor
    2009-01-12 12:29:30 ----A---- C:\rapport.txt
    2009-01-11 17:41:21 ----A---- C:\resultat_clean.txt
    2009-01-10 17:10:42 ----D---- C:\fsaua.data
    2008-12-30 22:31:18 ----D---- C:\Documents and Settings\Sophie\Application Data\Help
    2008-12-16 14:28:35 ----D---- C:\WINDOWS\AU_Temp
    2008-12-16 14:24:31 ----A---- C:\xscan.txt
    2008-12-13 17:14:32 ----SHD---- C:\RECYCLER
    2008-12-13 13:18:04 ----A---- C:\Boot.bak
    2008-12-13 13:17:57 ----RASHD---- C:\cmdcons
    2008-12-10 14:36:27 ----D---- C:\Program Files\ActivBoard
    2008-12-10 12:21:54 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-12-09 15:10:48 ----D---- C:\Program Files\DVD Shrink
    2008-12-09 15:08:21 ----N---- C:\WINDOWS\UNNeroVision.exe
    2008-12-09 15:08:06 ----N---- C:\WINDOWS\system32\TwnLib4.dll
    2008-12-09 15:08:06 ----N---- C:\WINDOWS\system32\picn20.dll
    2008-12-09 15:06:17 ----D---- C:\Program Files\Ahead
    2008-12-07 11:14:56 ----A---- C:\WINDOWS\system32\hcwutl32.dll
    2008-12-07 11:14:56 ----A---- C:\WINDOWS\system32\hcwi2c32.dll
    2008-12-07 11:14:55 ----D---- C:\Program Files\WinTV
    2008-12-07 11:09:55 ----A---- C:\WINDOWS\HCWPNP.INI
    2008-12-07 11:09:06 ----RA---- C:\WINDOWS\system32\HCW713xMV.dll
    2008-12-04 15:53:55 ----A---- C:\WINDOWS\Multimedia manager.INI
    2008-12-04 14:22:47 ----A---- C:\WINDOWS\system32\ptpusb.dll
    2008-12-04 14:22:46 ----A---- C:\WINDOWS\system32\ptpusd.dll
    2008-12-04 13:54:00 ----D---- C:\WINDOWS\system32\Samsung
    2008-12-04 13:53:42 ----D---- C:\WINDOWS\system32\Samsung PC Studio Codecs
    2008-11-21 22:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
    2008-11-21 22:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
    2008-11-21 22:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-11-21 22:46:10 ----A----
    0
  8. Sofia37 Posted messages 604 Status Member 39
     
and:

    info.txt logfile of random's system information tool 1.05 2009-01-20 19:08:46

    ======Uninstall list======

    -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
    ABBYY FineReader 9.0 Professional Edition-->MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
    Absolute Video Converter 2.6.7-->"C:\Program Files\Absolute Video Converter\unins000.exe"
    ActivBoard v1.2-->"C:\Program Files\ActivBoard\unins000.exe"
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->MsiExec.exe /I{BE83EC7F-7519-4036-8B59-ECE494308124}
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
    ATI Parental Control & Encoder-->MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
    AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    AVIConverter Smart-->C:\Program Files\AVIConverter\uninst.exe
    AVS Video Converter 3.4.3.183-->"C:\Program Files\AVSMedia\VideoConverter3\unins000.exe"
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    devolo dLAN - Assistant de configuration-->C:\Program Files\devolo\setup.exe /remove:dlanconf
    devolo EasyClean-->C:\Program Files\devolo\setup.exe /remove:easyclean
    devolo EasyShare-->C:\Program Files\devolo\setup.exe /remove:easyshare
    devolo Informer-->C:\Program Files\devolo\setup.exe /remove:dslmon
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    D-Jix Media-->MsiExec.exe /X{D2449F4E-17DF-4414-8DC8-6FFB96038BE7}
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
    EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x40c UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
    EPSON Image Clip Palette-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x40c -u
    EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    ESDX3800 Guide d'utilisation-->C:\Program Files\EPSON\TPMANUAL\ESDX3800\USE_G\DOCUNINS.EXE
    EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
    Free Download Manager 3.0 Language pack-->"C:\Program Files\Free Download Manager\unins000.exe"
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    Hauppauge WinTV Infrared Remote-->C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    IsoBuster 1.7-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe"
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Ma-Config.com-->MsiExec.exe /X{EC7FE2ED-F305-41B7-90B8-3DAE9E35307A}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Matroska Playback Pack-->C:\Program Files\Matroska Playback Pack\uninstall.exe
    Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
    Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
    Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
    Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
    Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
    Mozilla Firefox (2.0.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NeroVision Express 3-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    PowerCinema-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
    QuickTime Alternative 2.4.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
    SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
    SimpleOCR 3.1-->C:\PROGRA~1\SIMPLE~1\UNWISE.EXE C:\PROGRA~1\SIMPLE~1\INSTALL.LOG
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Sunbelt Personal Firewall-->MsiExec.exe /X{F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}
    TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
    Ulead PhotoImpact 12-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\Setup.exe" -l0x40c
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Wireless 802.11g USB Adapter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FB7E71E-32A3-4A7E-B22A-430CC8AD7029}\setup.exe" -l0x40c
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
    Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
    ZebHelpProcess 2.24-->"C:\Program Files\ZebHelpProcess 2\unins000.exe"

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: avast! antivirus 4.8.1296 [VPS 090119-0]
    FW: Sunbelt Personal Firewall

    System event log

    Computer Name: DIASSOPHIE
    Event Code: 10005
    Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments ""
    pour démarrer le serveur :
    {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Record Number: 42416
    Source Name: DCOM
    Time Written: 20090114202220.000000+060
    Event Type: erreur
    User: DIASSOPHIE\Sophie

    Computer Name: DIASSOPHIE
    Event Code: 10005
    Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments ""
    pour démarrer le serveur :
    {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Record Number: 42415
    Source Name: DCOM
    Time Written: 20090114201955.000000+060
    Event Type: erreur
    User: DIASSOPHIE\Sophie

    Computer Name: DIASSOPHIE
    Event Code: 10005
    Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments ""
    pour démarrer le serveur :
    {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Record Number: 42414
    Source Name: DCOM
    Time Written: 20090114201308.000000+060
    Event Type: erreur
    User: DIASSOPHIE\Sophie

    Computer Name: DIASSOPHIE
    Event Code: 10005
    Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments ""
    pour démarrer le serveur :
    {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Record Number: 42413
    Source Name: DCOM
    Time Written: 20090114170908.000000+060
    Event Type: erreur
    User: DIASSOPHIE\Sophie

    Application event log

    Computer Name: DIASSOPHIE
    Event Code: 0
    Message:
    Record Number: 2075
    Source Name: CLCapSvc
    Time Written: 20080702120436.000000+120
    Event Type: Informations
    User:

    Computer Name: DIASSOPHIE
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 2074
    Source Name: SecurityCenter
    Time Written: 20080702120435.000000+120
    Event Type: Informations
    User:

    Computer Name: DIASSOPHIE
    Event Code: 0
    Message:
    Record Number: 2073
    Source Name: RichVideo
    Time Written: 20080702120433.000000+120
    Event Type:Informations
    User:

    Computer Name: DIASSOPHIE
    Event Code: 105
    Message: The service was started.

    Record Number: 2072
    Source Name: ATI Smart
    Time Written: 20080702120426.000000+120
    Event Type: Informations
    User:

    Computer Name: DIASSOPHIE
    Event Code: 2002
    Message:
    Record Number: 2071
    Source Name: EAPOL
    Time Written: 20080701192730.000000+120
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\Samsung\Samsung PC Studio 3\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2f02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------
    0
  9. Sofia37 Posted messages 604 Status Member 39
     
    After using HostsXpert,
    I no longer have 007guard in netstat. Great, thanks.
However, I'm not sure if it's normal: I have at least fifty localhost entries with ports and several 65.55.xx.xx ones.
    0
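The hosts file shown in the RSIT report above maps the 007guard domains to 127.0.0.1, so once HostsXpert is in place any program that still tries to reach those names connects to the local machine instead; that is what the many localhost entries in netstat are. The script below is an added example, not part of this thread or of any tool it mentions (HostsXpert, RSIT, SmitfraudFix): it parses a hosts file and `netstat -an` style output, separates the connection attempts absorbed by the loopback sinkhole from real remote peers, and counts the remote addresses that still deserve a look. Both the hosts excerpt and the netstat lines are constructed samples modelled on the thread, not captures from the affected PC.

```python
"""Triage helper: explain loopback entries in netstat after hosts-file blocking.

Added example, not code from the thread or from HostsXpert/RSIT. It
cross-references a hosts file that sinkholes domains to 127.0.0.1 with
`netstat -an` output, so that connections swallowed by the local sinkhole
can be told apart from connections to real remote hosts.
"""
import ipaddress
import re
from collections import Counter

# Constructed hosts-file excerpt, modelled on the entries in the RSIT report.
HOSTS_FILE = """\
# blocking list (constructed sample)
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
"""

# Constructed `netstat -an` output in Windows XP format (not captured from the machine).
NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         127.0.0.1:80           SYN_SENT
  TCP    127.0.0.1:1031         127.0.0.1:80           SYN_SENT
  TCP    192.168.1.10:1040      65.55.12.34:1863       ESTABLISHED
  TCP    192.168.1.10:1041      65.55.12.35:443        TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""

# One netstat row: protocol, local address, foreign address, optional state.
NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_hosts(text):
    """Return {hostname: ip} for every non-comment entry of a hosts file."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping[name.lower()] = ip
    return mapping


def sinkholed_domains(hosts_map):
    """Domains the hosts file redirects to loopback, i.e. blocked locally."""
    return sorted(name for name, ip in hosts_map.items()
                  if ipaddress.ip_address(ip).is_loopback and name != "localhost")


def split_host_port(addr):
    """Split 'host:port' (IPv4 or '*:*') into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host, port


def classify_netstat(text):
    """Group netstat rows into loopback (sinkholed), listening and remote buckets."""
    buckets = {"loopback": [], "listening": [], "remote": []}
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue                               # header or blank line
        proto, local, foreign, state = m.groups()
        fhost, _fport = split_host_port(foreign)
        if proto == "UDP" or fhost in ("0.0.0.0", "*") or state == "LISTENING":
            buckets["listening"].append((proto, local))
            continue
        try:
            remote_ip = ipaddress.ip_address(fhost)
        except ValueError:
            continue                               # unparseable address, skip
        key = "loopback" if remote_ip.is_loopback else "remote"
        buckets[key].append((proto, local, foreign, state))
    return buckets


def remote_peers(buckets):
    """Count distinct remote IPs still being contacted despite the sinkhole."""
    return Counter(split_host_port(foreign)[0]
                   for _proto, _local, foreign, _state in buckets["remote"])


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    print("sinkholed domains:", sinkholed_domains(hosts))
    result = classify_netstat(NETSTAT_OUTPUT)
    print(f"{len(result['loopback'])} connection attempts absorbed by 127.0.0.1")
    print(f"{len(result['listening'])} listening sockets")
    print("remote peers worth checking:", dict(remote_peers(result)))
```

Loopback rows with a blocked domain's port (80 for a web beacon) are the hosts file doing its job: the request never leaves the machine, though the process that keeps issuing it is still running and is the thing to identify. The remote bucket is the part to review; it is where a check against a reputation list or a reverse lookup of each peer belongs.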
  10. gen-hackman
     
    --> Download UsbFix (from Chiquitine29) to your Desktop:
    http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

    --> Run the installation with the default settings.

    --> Connect your external data sources to your PC (USB stick, external hard drive, etc...) without opening them.

    --> Double-click on the UsbFix shortcut on your Desktop.

    --> The PC will restart.

    --> After the restart, post the UsbFix.txt report

    Note: the UsbFix.txt report is saved at the root of the disk.

    (If the Desktop does not reappear, press Ctrl+Alt+Del, Tab "File", "New task", type explorer.exe and confirm)

    --
    Be careful with keygens and cracks, Bagle lives there
    Please remember to mark as resolved for others Thank you
-----g3и-н@¢км@и-----
    0
  11. Sofia37 Posted messages 604 Status Member 39
     
Sorry gen-hackman, but I can't download UsbFix from this link.
    0
  12. Sofia37 Posted messages 604 Status Member 39
     
    gen hackman, you didn’t let me down, did you?
    0
  13. Sofia37 Posted messages 604 Status Member 39
     
    Well, everything is fine now, I managed to get Internet Explorer 7 and my Google toolbar back. Next problem, I’m resetting.
    Thanks anyway and have a nice day.
    0