Infection by 007guard
Solved
Sofia37
Posted messages
604
Status
Member
-
Sofia37 Posted messages 604 Status Member -
Sofia37 Posted messages 604 Status Member -
Hello,
I noticed recently that my internet speed is slow!
Thinking about a usage of my bandwidth by a third party, I executed "netstat" in the command prompt... and it displayed several connections to ports connected to a certain ww.007guard.com
I was helped recently for a Bagle disinfection but still my connection went down from 6 to 1 mg
There you go, thank you in advance for your future response.
I noticed recently that my internet speed is slow!
Thinking about a usage of my bandwidth by a third party, I executed "netstat" in the command prompt... and it displayed several connections to ports connected to a certain ww.007guard.com
I was helped recently for a Bagle disinfection but still my connection went down from 6 to 1 mg
There you go, thank you in advance for your future response.
Configuration: Windows XP Internet Explorer 7.0
13 answers
-
Hi Gen, Sofia
* You won't be able to download USBfix because Chiquitine needs to review the tool!
* See the CCMistes desktop --> messages from V_X -
Hello :
Download Smitfraudfix by S!RI :
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Unzip the archive
Run it by double-clicking on Smitfraudfix.cmd
Press any key to continue
At the command prompt, type the letter L to switch the fix to French
In the menu, choose option 4 then 1: Search
Post the generated report
--
Be careful with keygens and cracks, Bagle resides there
Remember to mark as resolved for others Thank you
-----g3и-н@¢км@и----- -
Thank you for helping me again gen-hackman,
Here is the report:
SmitFraudFix v2.391
Report made at 15:51:56.95, 20/01/2009
Executed from C:\Documents and Settings\Sophie\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix executed in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ActivBoard\ABoard.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ActivBoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Corrupted hosts file!
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sophie
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sophie\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sophie\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sophie\Favorites
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Google\googletoolbar1.dll PRESENT!
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop items
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, the following keys are not necessarily infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, the following keys are not necessarily infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, the following keys are not necessarily infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, the following keys are not necessarily infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, the following keys are not necessarily infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Fast Ethernet PCI Realtek RTL8139 Network Card - Packet scheduling miniport
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4BEBBCAD-991B-432B-8814-833C2734FBAB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{80093F01-0A16-4878-9174-BEA57A6CFEEB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1F5A37B1-973F-451D-9430-518761143B3E}: NameServer=213.36.80.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E52C6DFF-658B-4AF1-B921-0172BD6FB93E}: NameServer=213.36.80.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4BEBBCAD-991B-432B-8814-833C2734FBAB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{80093F01-0A16-4878-9174-BEA57A6CFEEB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection search
»»»»»»»»»»»»»»»»»»»»»»»» End -
Cleaning:
Start in safe mode:
To do this, tap the F8 key as soon as you turn on the PC without stopping.
A window will open, use the arrow keys to navigate to start in safe mode and then press enter.
Once on the desktop, if there are no colors and other things, that's normal!
(If F8 doesn't work, use the F5 key).
----------------------------------------------------------------------------
Restart the Smitfraud program,
This time choose option 2, answer yes to all;
Save the report,
Restart in normal mode,
copy/paste the saved report on the forum
process.exe
is detected by some antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (Antivirus, Firewall...) hence the alert issued by these antivirus programs.
Then:
Download Random's System Information Tool (RSIT) from random/random and save the executable to your Desktop.
-> http://images.malwareremoval.com/random/RSIT.exe
! Log out and close all applications you are currently using!
Double-click on "RSIT.exe" to launch it.
-> A first window opens with the title: "Disclaimer of warranty".
* In front of the option "List files/folders created ...", choose: 2 months
* then click on "Continue" to start the scan ...
-> let the scan run and do not touch the PC ...
When the scan is finished, two text files will open (probably with Notepad).
Post the contents of "log.txt" (the one that appears on the screen), as well as "info.txt" (which you will see in the taskbar), for analysis and wait for the next steps ...
Important: post one report, then the other in the next reply
If you try to post both at the same time, it may be too long for the forum
(Note: the reports will also be saved in this folder -> C:\rsit)
--
Be careful with keygens and cracks, Bagle lives there
Remember to mark it as resolved for others Thank you
-----g3и-н@¢км@и----- -
Here is the SmitFraudFix report in safe mode:
SmitFraudFix v2.391
Report made at 18:12:16,15, 20/01/2009
Executed from C:\Documents and Settings\Sophie\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix executed in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
...
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Program Files\Google\googletoolbar1.dll deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4BEBBCAD-991B-432B-8814-833C2734FBAB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{80093F01-0A16-4878-9174-BEA57A6CFEEB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1F5A37B1-973F-451D-9430-518761143B3E}: NameServer=213.36.80.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E52C6DFF-658B-4AF1-B921-0172BD6FB93E}: NameServer=213.36.80.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4BEBBCAD-991B-432B-8814-833C2734FBAB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{80093F01-0A16-4878-9174-BEA57A6CFEEB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temporary Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Cleaning completed.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
I no longer have Google in Internet Explorer and I ran netstat again and I still have 007guard and IP addresses like: 65.55.xxxxxxx and 213.199.xxxxxx
I am now continuing with Random's System Information Tool. -
Download HostsXpert to your Desktop:
http://www.funkytoad.com/download/HostsXpert.zip
---> Extract it (Right-click >> Extract here)
---> Double-click on HostsXpert to launch it
---> Click on the "Restore MS Hosts File" button and then close the program
PS: Before clicking on the "Restore MS Hosts File" button, make sure the padlock in the top left is open; otherwise, you will get an error message.
--
Beware of keygens and cracks, Bagle resides there
Please remember to mark as resolved for others Thank you
-----g3и-н@¢ко----- -
Here are the reports from RSIT:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Sophie at 2009-01-20 19:08:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 24 GB (69%) free of 35 GB
Total RAM: 1023 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:42, on 20/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ActivBoard\ABoard.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\ActivBoard\AOSD.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Sophie\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sophie.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ActivBoard] C:\Program Files\ActivBoard\ABoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F5A37B1-973F-451D-9430-518761143B3E}: NameServer = 213.36.80.1
O23 - Service: ABBYY FineReader 9.0 License Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 9613 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Maintenance en 1 clic.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-16 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-16 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-16 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"EPSON Stylus DX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE [2005-02-08 98304]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"ActivBoard"=C:\Program Files\ActivBoard\ABoard.exe [2003-05-02 24576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-16 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2009-01-15 171448]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2009-01-02 3399727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-06-07 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\devolo\informer\devinf.exe"="C:\Program Files\devolo\informer\devinf.exe:*:Enabled:devolo Informer"
"C:\Program Files\devolo\easyshare\easyshare.exe"="C:\Program Files\devolo\easyshare\easyshare.exe:*:Enabled:devolo EasyShare"
"C:\Program Files\Cyberlink\PowerCinema\PowerCinema.exe"="C:\Program Files\Cyberlink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\Program Files\Cyberlink\PowerCinema\PCMService.exe"="C:\Program Files\Cyberlink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffcb7d3a-f820-11dc-afaa-0013d3b6857b}]
shell\Auto\command - cmd /C launch.bat
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
======File associations======
.reg - edit -
.reg - open -
======List of files/folders created in the last 2 months======
2009-01-20 19:08:37 ----D---- C:\rsit
2009-01-20 17:45:58 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-20 15:45:00 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-01-20 15:45:00 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-01-20 14:41:57 ----D---- C:\Documents and Settings\Sophie\Application Data\Grisoft
2009-01-20 13:09:42 ----D---- C:\Program Files\Exterminate It!
2009-01-20 12:59:16 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-01-20 12:59:16 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-01-20 12:59:16 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-01-20 12:59:16 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-01-20 12:59:16 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\swsc.exe
2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\swreg.exe
2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\Process.exe
2009-01-20 12:59:15 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-01-19 19:10:28 ----HD---- C:\{2426F42A-20BE-4F19-A8A5-640920671123}
2009-01-19 17:06:55 ----HD---- C:\WINDOWS\PIF
2009-01-19 17:04:42 ----D---- C:\Program Files\ma-config.com
2009-01-19 17:04:42 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-01-17 20:38:30 ----D---- C:\Program Files\ToniArts
2009-01-17 20:34:27 ----D---- C:\Documents and Settings\Sophie\Application Data\Free Download Manager
2009-01-17 20:34:24 ----D---- C:\Program Files\Free Download Manager
2009-01-17 18:21:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-17 18:08:24 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-01-17 18:08:23 ----D---- C:\Program Files\NOS
2009-01-16 20:16:11 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-16 20:16:11 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-16 20:16:11 ----A---- C:\WINDOWS\system32\java.exe
2009-01-16 20:15:49 ----D---- C:\Program Files\Java
2009-01-16 13:31:07 ----D---- C:\Program Files\CCleaner
2009-01-16 12:35:07 ----A---- C:\TCleaner.txt
2009-01-16 11:46:26 ----A---- C:\PureRa.txt
2009-01-14 11:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-14 09:21:55 ----D---- C:\Program Files\QUAD Utilities
2009-01-13 21:05:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-13 17:04:11 ----D---- C:\Program Files\Trend Micro
2009-01-13 12:54:11 ----D---- C:\Program Files\Wireless 802.11g Monitor
2009-01-12 12:29:30 ----A---- C:\rapport.txt
2009-01-11 17:41:21 ----A---- C:\resultat_clean.txt
2009-01-10 17:10:42 ----D---- C:\fsaua.data
2008-12-30 22:31:18 ----D---- C:\Documents and Settings\Sophie\Application Data\Help
2008-12-16 14:28:35 ----D---- C:\WINDOWS\AU_Temp
2008-12-16 14:24:31 ----A---- C:\xscan.txt
2008-12-13 17:14:32 ----SHD---- C:\RECYCLER
2008-12-13 13:18:04 ----A---- C:\Boot.bak
2008-12-13 13:17:57 ----RASHD---- C:\cmdcons
2008-12-10 14:36:27 ----D---- C:\Program Files\ActivBoard
2008-12-10 12:21:54 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-09 15:10:48 ----D---- C:\Program Files\DVD Shrink
2008-12-09 15:08:21 ----N---- C:\WINDOWS\UNNeroVision.exe
2008-12-09 15:08:06 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2008-12-09 15:08:06 ----N---- C:\WINDOWS\system32\picn20.dll
2008-12-09 15:06:17 ----D---- C:\Program Files\Ahead
2008-12-07 11:14:56 ----A---- C:\WINDOWS\system32\hcwutl32.dll
2008-12-07 11:14:56 ----A---- C:\WINDOWS\system32\hcwi2c32.dll
2008-12-07 11:14:55 ----D---- C:\Program Files\WinTV
2008-12-07 11:09:55 ----A---- C:\WINDOWS\HCWPNP.INI
2008-12-07 11:09:06 ----RA---- C:\WINDOWS\system32\HCW713xMV.dll
2008-12-04 15:53:55 ----A---- C:\WINDOWS\Multimedia manager.INI
2008-12-04 14:22:47 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-04 14:22:46 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-04 13:54:00 ----D---- C:\WINDOWS\system32\Samsung
2008-12-04 13:53:42 ----D---- C:\WINDOWS\system32\Samsung PC Studio Codecs
2008-11-21 22:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-21 22:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 22:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 22:46:10 ----A---- -
et :
info.txt logfile of random's system information tool 1.05 2009-01-20 19:08:46
======Uninstall list======
-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
ABBYY FineReader 9.0 Professional Edition-->MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
Absolute Video Converter 2.6.7-->"C:\Program Files\Absolute Video Converter\unins000.exe"
ActivBoard v1.2-->"C:\Program Files\ActivBoard\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{BE83EC7F-7519-4036-8B59-ECE494308124}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVIConverter Smart-->C:\Program Files\AVIConverter\uninst.exe
AVS Video Converter 3.4.3.183-->"C:\Program Files\AVSMedia\VideoConverter3\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
devolo dLAN - Assistant de configuration-->C:\Program Files\devolo\setup.exe /remove:dlanconf
devolo EasyClean-->C:\Program Files\devolo\setup.exe /remove:easyclean
devolo EasyShare-->C:\Program Files\devolo\setup.exe /remove:easyshare
devolo Informer-->C:\Program Files\devolo\setup.exe /remove:dslmon
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
D-Jix Media-->MsiExec.exe /X{D2449F4E-17DF-4414-8DC8-6FFB96038BE7}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Image Clip Palette-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x40c -u
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ESDX3800 Guide d'utilisation-->C:\Program Files\EPSON\TPMANUAL\ESDX3800\USE_G\DOCUNINS.EXE
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Free Download Manager 3.0 Language pack-->"C:\Program Files\Free Download Manager\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hauppauge WinTV Infrared Remote-->C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IsoBuster 1.7-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Ma-Config.com-->MsiExec.exe /X{EC7FE2ED-F305-41B7-90B8-3DAE9E35307A}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matroska Playback Pack-->C:\Program Files\Matroska Playback Pack\uninstall.exe
Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (2.0.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 3-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
PowerCinema-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
QuickTime Alternative 2.4.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
SimpleOCR 3.1-->C:\PROGRA~1\SIMPLE~1\UNWISE.EXE C:\PROGRA~1\SIMPLE~1\INSTALL.LOG
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sunbelt Personal Firewall-->MsiExec.exe /X{F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}
TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Ulead PhotoImpact 12-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\Setup.exe" -l0x40c
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless 802.11g USB Adapter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FB7E71E-32A3-4A7E-B22A-430CC8AD7029}\setup.exe" -l0x40c
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
ZebHelpProcess 2.24-->"C:\Program Files\ZebHelpProcess 2\unins000.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 090119-0]
FW: Sunbelt Personal Firewall
System event log
Computer Name: DIASSOPHIE
Event Code: 10005
Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments ""
pour démarrer le serveur :
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
Record Number: 42416
Source Name: DCOM
Time Written: 20090114202220.000000+060
Event Type: erreur
User: DIASSOPHIE\Sophie
Computer Name: DIASSOPHIE
Event Code: 10005
Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments ""
pour démarrer le serveur :
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
Record Number: 42415
Source Name: DCOM
Time Written: 20090114201955.000000+060
Event Type: erreur
User: DIASSOPHIE\Sophie
Computer Name: DIASSOPHIE
Event Code: 10005
Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments ""
pour démarrer le serveur :
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
Record Number: 42414
Source Name: DCOM
Time Written: 20090114201308.000000+060
Event Type: erreur
User: DIASSOPHIE\Sophie
Computer Name: DIASSOPHIE
Event Code: 10005
Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments ""
pour démarrer le serveur :
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
Record Number: 42413
Source Name: DCOM
Time Written: 20090114170908.000000+060
Event Type: erreur
User: DIASSOPHIE\Sophie
Application event log
Computer Name: DIASSOPHIE
Event Code: 0
Message:
Record Number: 2075
Source Name: CLCapSvc
Time Written: 20080702120436.000000+120
Event Type: Informations
User:
Computer Name: DIASSOPHIE
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 2074
Source Name: SecurityCenter
Time Written: 20080702120435.000000+120
Event Type: Informations
User:
Computer Name: DIASSOPHIE
Event Code: 0
Message:
Record Number: 2073
Source Name: RichVideo
Time Written: 20080702120433.000000+120
Event Type:Informations
User:
Computer Name: DIASSOPHIE
Event Code: 105
Message: The service was started.
Record Number: 2072
Source Name: ATI Smart
Time Written: 20080702120426.000000+120
Event Type: Informations
User:
Computer Name: DIASSOPHIE
Event Code: 2002
Message:
Record Number: 2071
Source Name: EAPOL
Time Written: 20080701192730.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF----------------- -
After using HostsXpert,
I no longer have 007guard in netstat. Great, thanks.
However, I'm not sure if it's normal, I have at least fifty localhost with ports and several 65.55.xx.xx. -
--> Download UsbFix (from Chiquitine29) to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Run the installation with the default settings.
--> Connect your external data sources to your PC (USB stick, external hard drive, etc...) without opening them.
--> Double-click on the UsbFix shortcut on your Desktop.
--> The PC will restart.
--> After the restart, post the UsbFix.txt report
Note: the UsbFix.txt report is saved at the root of the disk.
(If the Desktop does not reappear, press Ctrl+Alt+Del, Tab "File", "New task", type explorer.exe and confirm)
--
Be careful with keygens and cracks, Bagle lives there
Please remember to mark as resolved for others Thank you
-----g3и-н@¢км@и----- -
Sorry Gen Hackmann but I can't download UsbFix from this link.
-
-
Well, everything is fine now, I managed to get Internet Explorer 7 and my Google toolbar back. Next problem, I’m resetting.
Thanks anyway and have a nice day.