How to remove my trojan virus:win32/si... Solved

Question

Hello, I think I have a virus named Tojan:Win32/Sirefef.S and another name Tojan:Win64/Sirefef.E or D. Can you help me because my computer is acting weird and essential security keeps telling me to clean the computer every time.    Configuration: Windows 7 / Safari 535.2

^^Marie^^ · Accepted Answer

Wait for a competent person to come disinfect you instead of doing just anything. -- I walked into CCM, a cigarette in one hand, the © flip-flops © in the other hand the ***** naked under the shirt Hi Top... Don't be too far away

billmaxime · Answer

Hi if your antivirus finds viruses, put them in quarantine and then delete them.

^^Marie^^ · Answer

Hello  billmaxime Nov 27, 2011 at 1:01 PM hi if your antivirus finds the viruses, put them in quarantine and then delete them  It won't be of any use. It won't delete the source. -- I logged into CCM, cigarette in one hand, flip-flops in the other hand ***** naked under the shirt Hi Top ... Don't be too far away

^^Marie^^ · Answer

billmaxime - Nov 27, 2011 at 1:14 PM does a restore to a previous date  Even less ..... It will be useless the virus is installed. -- I entered CCM, cigarette in one hand, flip-flops in the other hand ***** naked under the shirt Hi Top ... Don't stay too far away

bryanoulet · Answer

Il m'a dit qu'il est un trouveur, mais il ne m'a pas dit son nom.

juju666 · Answer

Hello A restoration on sirefef ?!? /!\ Do not use this software outside the scope of this disinfection: DANGEROUS /!\ ▶ Right-click on the link below, choose "Save link target as," set the destination to your Desktop, and rename it (for example, your_pseudo.exe): http://download.bleepingcomputer.com/sUBs/ComboFix.exe ▶ Double-click on ComboFix.exe ♦ Do not touch anything (mouse, keyboard) until the scan is complete, as you risk crashing your PC ▶ At the end of the scan, ComboFix may need to restart the PC to complete the disinfection, let it do so. ▶ Once the scan is finished, a report will display: Post its content Notes: ♦ The report can also be found here: C:\ComboFix.txt ♦ combofix tutorial -- .::. Security Contributor .::.

bryanoulet · Answer

ComboFix 11-11-26.04 - Bryan 27/11/2011 4:45.1.2 - x86 Microsoft Windows 7 Ultimate Edition 6.1.7601.1.1252.33.1033.18.1022.396 [GMT -8:00] Launched from: c:\users\Bryan\Desktop\bryan.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Bryan\AppData\Local\2a6fafaf\X c:\users\Bryan\AppData\Roaming\WinDir c:\users\Bryan\AppData\Roaming\WinDir\winlogon.exe c:\users\Bryan\AppData\Roaming\winlogon.exe c:\windows\$NtUninstallKB31295$\658559622 c:\windows\$NtUninstallKB31295$\711962543\@ c:\windows\$NtUninstallKB31295$\711962543\L\xadqgnnk c:\windows\$NtUninstallKB31295$\711962543\loader.tlb c:\windows\$NtUninstallKB31295$\711962543\U\@00000001 c:\windows\$NtUninstallKB31295$\711962543\U\@000000c0 c:\windows\$NtUninstallKB31295$\711962543\U\@000000cb c:\windows\$NtUninstallKB31295$\711962543\U\@000000cf c:\windows\$NtUninstallKB31295$\711962543\U\@80000000 c:\windows\$NtUninstallKB31295$\711962543\U\@800000c0 c:\windows\$NtUninstallKB31295$\711962543\U\@800000cb c:\windows\$NtUninstallKB31295$\711962543\U\@800000cf c:\windows\system32\ c:\windows\system32\c_90155.nls c:\windows\$NtUninstallKB31295$ . . . . unable to delete . . ((((((((((((((((((((((((((((( Files created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))))))) . . 2011-11-27 12:53 . 2011-11-27 12:53 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68A77FCD-5147-4A73-90E0-EBB8578F7D75}\MpKsl07a38d3e.sys 2011-11-27 12:23 . 2011-11-27 12:23 -------- d-----w- c:\programdata\PC Tools 2011-11-27 12:04 . 2011-11-27 12:04 -------- d-----w- c:\program files\CCleaner 2011-11-26 20:18 . 2011-10-07 04:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68A77FCD-5147-4A73-90E0-EBB8578F7D75}\mpengine.dll 2011-11-26 19:50 . 2011-11-26 19:50 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2011-11-26 18:41 . 2011-11-26 18:41 -------- d-sh--w- c:\windows\system32\%APPDATA% 2011-11-26 18:29 . 2011-11-26 19:20 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-11-26 18:29 . 2011-11-26 19:20 264736 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-11-26 18:29 . 2011-11-26 18:29 86696 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-11-24 23:28 . 2011-11-26 19:44 -------- d-----w- c:\program files\Microsoft Works 2011-11-24 23:25 . 2011-11-24 23:25 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2011-11-24 23:24 . 2011-11-26 19:56 -------- d-----w- c:\programdata\Microsoft Help 2011-11-24 23:23 . 2011-11-24 23:23 -------- d-----r- C:\MSOCache 2011-11-24 22:56 . 2011-11-24 22:56 -------- d-----w- c:\program files\Conduit 2011-11-24 04:45 . 2011-11-24 05:01 -------- d-----w- c:\programdata\Origin 2011-11-24 04:45 . 2011-11-24 04:45 -------- d-----w- c:\programdata\Electronic Arts 2011-11-24 04:45 . 2011-11-24 04:45 -------- d-----w- c:\program files\Origin Games 2011-11-24 04:44 . 2011-11-24 04:50 -------- d-----w- c:\program files\Origin 2011-11-24 00:27 . 2011-11-26 19:20 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-11-24 00:21 . 2011-11-26 18:29 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0 2011-11-23 23:50 . 2011-11-23 23:50 -------- d-----w- c:\program files\EA Games 2011-11-23 23:38 . 2011-11-26 18:43 -------- d-----w- c:\program files\Microsoft LifeCam 2011-11-23 23:38 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2011-11-23 23:38 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2011-11-23 23:36 . 2011-11-23 23:36 -------- d-----w- c:\program files\Common Files\Java 2011-11-23 05:21 . 2011-10-03 13:06 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-23 05:21 . 2011-11-23 23:36 -------- d-----w- c:\program files\Java 2011-11-23 05:05 . 2011-11-23 05:05 -------- d-----w- c:\program files\VS Revo Group 2011-11-23 04:58 . 2011-11-23 04:58 -------- d-----w- c:\program files\Common Files\InstallShield 2011-11-23 04:58 . 2003-03-26 10:11 155648 ----a-w- c:\windows\system32\flashshl.dll 2011-11-23 04:58 . 2003-03-25 20:42 274432 ----a-w- c:\windows\system32\lxblf2k.dll 2011-11-23 04:58 . 2003-03-25 20:29 208896 ----a-w- c:\windows\system32\smshell.dll 2011-11-23 04:57 . 2002-10-30 15:20 21504 ----a-w- c:\windows\LXBLSET.EXE 2011-11-23 04:57 . 2001-03-15 08:06 4608 ----a-w- c:\windows\DelShell.exe 2011-11-23 04:57 . 2011-11-23 04:59 -------- d-----w- c:\program files\Lexmark 2011-11-23 04:57 . 1998-10-30 00:45 306688 ----a-w- c:\windows\IsUninst.exe 2011-11-23 02:17 . 2011-11-23 02:17 -------- d-----w- c:\windows\system32\SPReview 2011-11-23 02:16 . 2011-11-23 02:16 -------- d-----w- c:\windows\system32\EventProviders 2011-11-23 01:55 . 2010-11-20 12:21 1128448 ----a-w- c:\windows\system32\vssapi.dll 2011-11-23 01:54 . 2010-11-20 12:30 130432 ----a-w- c:\windows\system32\drivers\mpio.sys 2011-11-23 01:53 . 2010-11-20 12:21 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2011-11-23 01:43 . 2011-11-23 01:43 -------- d-----w- c:\windows\fr 2011-11-23 01:42 . 2011-11-23 01:42 -------- dc----w- c:\windows\system32\DRVSTORE 2011-11-23 01:42 . 2011-05-13 23:27 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2011-11-23 01:40 . 2011-11-23 01:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2011-11-23 01:37 . 2011-11-23 01:37 -------- d-----w- c:\windows\PCHEALTH 2011-11-23 01:35 . 2011-11-23 01:43 -------- d-----w- c:\program files\Windows Live 2011-11-23 01:33 . 2011-11-23 01:33 -------- d-----w- c:\program files\Microsoft 2011-11-23 01:33 . 2009-09-05 01:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2011-11-23 01:33 . 2009-09-05 01:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2011-11-23 01:33 . 2009-09-05 01:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-11-23 01:31 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2011-11-23 01:20 . 2011-11-23 01:20 -------- d-----w- C:\e6860d116c3b55baf18e44a1f19aa7 2011-11-23 01:18 . 2011-11-23 01:18 -------- d-----w- c:\program files\Common Files\Windows Live 2011-11-22 06:03 . 2011-11-22 06:03 -------- d-----w- c:\windows\fr-FR 2011-11-22 06:03 . 2011-11-22 06:03 -------- d-----w- c:\windows\system32\XPSViewer 2011-11-22 06:03 . 2011-11-22 06:03 -------- d-----w- c:\windows\system32\040C 2011-11-22 06:03 . 2011-11-23 02:39 -------- d-----w- c:\windows\system32\drivers\fr-FR 2011-11-22 06:03 . 2011-11-22 06:03 -------- d-----w- c:\windows\system32\fr 2011-11-22 06:03 . 2011-11-22 06:03 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR 2011-11-22 06:03 . 2011-11-23 02:39 -------- d-----w- c:\windows\system32\wbem\fr-FR 2011-11-22 05:18 . 2011-11-22 05:18 -------- d-----w- c:\programdata\NVIDIA 2011-11-22 05:12 . 2011-10-07 04:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-11-22 05:08 . 2011-11-22 05:08 -------- d-----w- c:\programdata\NVIDIA Corporation 2011-11-22 05:08 . 2011-11-22 05:09 -------- d-----w- c:\program files\NVIDIA Corporation 2011-11-22 05:06 . 2011-11-22 05:06 -------- d-----w- c:\program files\Microsoft Silverlight 2011-11-22 04:25 . 2009-07-14 02:38 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\fr-FR\LXKPTPRC.DLL.mui 2011-11-22 03:59 . 2011-11-22 03:59 -------- d-----w- c:\program files\Lexmark Z700-P700 Series 2011-11-21 06:04 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe 2011-11-21 05:52 . 2011-11-21 05:51 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C183062-BE20-4EC3-958B-8419700C98E1}\gapaengine.dll 2011-11-21 05:28 . 2011-11-21 05:29 -------- d-----w- c:\program files\Microsoft Security Client 2011-11-21 05:12 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-11-21 05:12 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll 2011-11-21 05:10 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers	cpip.sys 2011-11-21 05:09 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-11-21 05:09 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll 2011-11-21 05:03 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-11-21 05:03 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-11-21 05:03 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll 2011-11-21 05:01 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-11-21 05:01 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-11-21 05:01 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-11-21 04:56 . 2011-11-26 18:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-21 04:55 . 2011-10-18 09:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94306E9F-D96E-4A04-82AC-D622FB3E213D}\mpengine.dll 2011-11-21 04:55 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-11-21 04:53 . 2011-11-21 04:53 -------- d-----w- c:\windows\system32\Macromed 2011-11-21 04:45 . 2010-11-04 00:00 66572 ----a-w- c:\windows\system32\HerculesWiFiService.exe 2011-11-21 04:44 . 2011-11-26 19:56 -------- d-sh--w- c:\windows\Installer 2011-11-21 04:44 . 2011-11-21 04:44 -------- d-----w- c:\windows\Hercules WiFiN 2011-11-21 04:44 . 2011-11-21 04:44 -------- d-----w- c:\program files\Hercules 2011-11-21 04:44 . 2011-11-23 04:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2011-11-21 04:37 . 2011-11-24 23:18 -------- d-----w- c:\windows\system32\wbem\Performance 2011-11-21 04:33 . 2011-11-27 09:47 -------- d-----w- c:\users\Bryan 2011-11-21 04:29 . 2011-11-21 04:29 -------- d-----w- C:\Recovery 2011-11-21 04:14 . 2011-11-27 12:05 -------- d-----w- c:\windows\Panther 2011-11-21 04:08 . 2011-11-21 04:08 -------- d-----w- C:\Windows.old 2011-11-20 15:35 . 2011-11-20 15:35 -------- d-----w- C:\extensions 2011-11-20 14:27 . 2011-11-20 14:27 -------- d-----w- C:\NVIDIA . . . (((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 02:32 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-11-23 01:36 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((((((( Reg Load Points )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty items & legitimate initial items are not listed REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spyware Doctor"="c:\users\Bryan\Desktop\sdsetup_revwire207.exe" [2011-11-27 512992] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "LXBLKsk"="c:\progra~1\Lexmark\PHOTOC~1\LXBLKsk.exe" [2003-03-26 294912] "MemoryCardManager"="c:\program files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe" [2003-04-29 122880] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WiFi Station.lnk - c:\program files\Hercules\WiFiStation\WiFiN.exe [2011-11-20 130856] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560] . . --- Other Services/Drivers in memory --- . *NewlyCreated* - MPKSL07A38D3E . Contents of the 'Scheduled Tasks' folder . 2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1557570581-2628441880-798532411-1000Core.job - c:\users\Bryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 05:00] . 2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1557570581-2628441880-798532411-1000UA.job - c:\users\Bryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 05:00] . . ------- Additional scan ------- . uStart Page = hxxp://www.google.fr/ IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{ef79f67a-6ad7-4715-a0f8-932fca442023} - (no file) . . . --------------------- BLOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1557570581-2628441880-798532411-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1557570581-2628441880-798532411-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other active processes ------------------------ . c:\windows\system32
vvsvc.exe c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\system32
vvsvc.exe c:\windows\System32\LEXBCES.EXE c:\windows\System32\LEXPPS.EXE c:\windows\system32	askhost.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\Microsoft\BingBar\SeaPort.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\WUDFHost.exe c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conhost.exe c:\program files\Lexmark\Photo Card Reader\lxblksk.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . End time: 2011-11-27 04:59:19 - The machine has restarted ComboFix-quarantined-files.txt 2011-11-27 12:59 . Before-CF: 71 452 770 304 bytes free After-CF: 71 118 860 288 bytes free . - - End Of File - - 8D894E25BEA08F021363E722F31728E3

juju666 · Answer

Alright.  Run a ComboFix again to see --  .::. Security Contributor .::.

bryanoulet · Answer

I'm following up with him again.

bryanoulet · Answer

Here I have followed up with him.

bryanoulet · Answer

and it does the same thing as before but faster

bryanoulet · Answer

I think he has gone.

bryanoulet · Answer

Well, thank you, because he disappeared.

juju666 · Answer

wait.  post the report. --  .::. Security Contributor .::.

bryanoulet · Answer

ComboFix 11-11-26.04 - Bryan 27/11/2011 5:18.2.2 - x86 Microsoft Windows 7 Ultimate Edition 6.1.7601.1.1252.33.1033.18.1022.260 [GMT -8:00] Running from: c:\users\Bryan\Desktop\bryan.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((( Files created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))))))) . . 2011-11-27 13:24 . 2011-11-27 13:24 -------- d-----w- c:\users\Default\AppData\Local	emp 2011-11-27 12:53 . 2011-11-27 12:53 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68A77FCD-5147-4A73-90E0-EBB8578F7D75}\MpKsl07a38d3e.sys 2011-11-27 12:43 . 2011-11-27 12:43 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68A77FCD-5147-4A73-90E0-EBB8578F7D75}\MpKslf99c5131.sys 2011-11-27 12:43 . 2011-11-27 12:53 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68A77FCD-5147-4A73-90E0-EBB8578F7D75}\offreg.dll 2011-11-27 12:29 . 2010-11-20 10:01 164864 ----a-w- c:\windows\system32\drivers\1394ohci.sys 2011-11-27 12:23 . 2011-11-27 12:23 -------- d-----w- c:\programdata\PC Tools 2011-11-27 12:04 . 2011-11-27 12:04 -------- d-----w- c:\program files\CCleaner 2011-11-26 20:18 . 2011-10-07 04:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68A77FCD-5147-4A73-90E0-EBB8578F7D75}\mpengine.dll 2011-11-26 19:50 . 2011-11-26 19:50 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2011-11-26 18:41 . 2011-11-26 18:41 -------- d-sh--w- c:\windows\system32\%APPDATA% 2011-11-26 18:29 . 2011-11-26 19:20 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-11-26 18:29 . 2011-11-26 19:20 264736 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-11-26 18:29 . 2011-11-26 18:29 86696 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-11-24 23:28 . 2011-11-26 19:44 -------- d-----w- c:\program files\Microsoft Works 2011-11-24 23:25 . 2011-11-24 23:25 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2011-11-24 23:24 . 2011-11-26 19:56 -------- d-----w- c:\programdata\Microsoft Help 2011-11-24 23:23 . 2011-11-24 23:23 -------- d-----r- C:\MSOCache 2011-11-24 22:56 . 2011-11-24 22:56 -------- d-----w- c:\program files\Conduit 2011-11-24 04:45 . 2011-11-24 05:01 -------- d-----w- c:\programdata\Origin 2011-11-24 04:45 . 2011-11-24 04:45 -------- d-----w- c:\programdata\Electronic Arts 2011-11-24 04:45 . 2011-11-24 04:45 -------- d-----w- c:\program files\Origin Games 2011-11-24 04:44 . 2011-11-24 04:50 -------- d-----w- c:\program files\Origin 2011-11-24 00:27 . 2011-11-26 19:20 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-11-24 00:21 . 2011-11-26 18:29 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0 2011-11-23 23:50 . 2011-11-23 23:50 -------- d-----w- c:\program files\EA Games 2011-11-23 23:38 . 2011-11-26 18:43 -------- d-----w- c:\program files\Microsoft LifeCam 2011-11-23 23:38 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2011-11-23 23:38 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2011-11-23 23:36 . 2011-11-23 23:36 -------- d-----w- c:\program files\Common Files\Java 2011-11-23 05:21 . 2011-10-03 13:06 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-23 05:21 . 2011-11-23 23:36 -------- d-----w- c:\program files\Java 2011-11-23 05:05 . 2011-11-23 05:05 -------- d-----w- c:\program files\VS Revo Group 2011-11-23 04:58 . 2011-11-23 04:58 -------- d-----w- c:\program files\Common Files\InstallShield 2011-11-23 04:58 . 2003-03-26 10:11 155648 ----a-w- c:\windows\system32\flashshl.dll 2011-11-23 04:58 . 2003-03-25 20:42 274432 ----a-w- c:\windows\system32\lxblf2k.dll 2011-11-23 04:58 . 2003-03-25 20:29 208896 ----a-w- c:\windows\system32\smshell.dll 2011-11-23 04:57 . 2002-10-30 15:20 21504 ----a-w- c:\windows\LXBLSET.EXE 2011-11-23 04:57 . 2001-03-15 08:06 4608 ----a-w- c:\windows\DelShell.exe 2011-11-23 04:57 . 2011-11-23 04:59 -------- d-----w- c:\program files\Lexmark 2011-11-23 04:57 . 1998-10-30 00:45 306688 ----a-w- c:\windows\IsUninst.exe 2011-11-23 02:17 . 2011-11-23 02:17 -------- d-----w- c:\windows\system32\SPReview 2011-11-23 02:16 . 2011-11-23 02:16 -------- d-----w- c:\windows\system32\EventProviders 2011-11-23 01:55 . 2010-11-20 12:21 1128448 ----a-w- c:\windows\system32\vssapi.dll 2011-11-23 01:54 . 2010-11-20 12:30 130432 ----a-w- c:\windows\system32\drivers\mpio.sys 2011-11-23 01:53 . 2010-11-20 12:21 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2011-11-23 01:43 . 2011-11-23 01:43 -------- d-----w- c:\windows\fr 2011-11-23 01:42 . 2011-11-23 01:42 -------- dc----w- c:\windows\system32\DRVSTORE 2011-11-23 01:42 . 2011-05-13 23:27 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2011-11-23 01:40 . 2011-11-23 01:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2011-11-23 01:37 . 2011-11-23 01:37 -------- d-----w- c:\windows\PCHEALTH 2011-11-23 01:35 . 2011-11-23 01:43 -------- d-----w- c:\program files\Windows Live 2011-11-23 01:33 . 2011-11-23 01:33 -------- d-----w- c:\program files\Microsoft 2011-11-23 01:33 . 2009-09-05 01:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2011-11-23 01:33 . 2009-09-05 01:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2011-11-23 01:33 . 2009-09-05 01:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-11-23 01:31 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2011-11-23 01:20 . 2011-11-23 01:20 -------- d-----w- C:\e6860d116c3b55baf18e44a1f19aa7 2011-11-23 01:18 . 2011-11-23 01:18 -------- d-----w- c:\program files\Common Files\Windows Live 2011-11-22 06:03 . 2011-11-22 06:03 -------- d-----w- c:\windows\fr-FR 2011-11-22 06:03 . 2011-11-22 06:03 -------- d-----w- c:\windows\system32\XPSViewer 2011-11-22 06:03 . 2011-11-22 06:03 -------- d-----w- c:\windows\system32\040C 2011-11-22 06:03 . 2011-11-23 02:39 -------- d-----w- c:\windows\system32\drivers\fr-FR 2011-11-22 06:03 . 2011-11-22 06:03 -------- d-----w- c:\windows\system32\fr 2011-11-22 06:03 . 2011-11-22 06:03 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR 2011-11-22 06:03 . 2011-11-23 02:39 -------- d-----w- c:\windows\system32\wbem\fr-FR 2011-11-22 05:18 . 2011-11-22 05:18 -------- d-----w- c:\programdata\NVIDIA 2011-11-22 05:12 . 2011-10-07 04:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-11-22 05:08 . 2011-11-22 05:08 -------- d-----w- c:\programdata\NVIDIA Corporation 2011-11-22 05:08 . 2011-11-22 05:09 -------- d-----w- c:\program files\NVIDIA Corporation 2011-11-22 05:06 . 2011-11-22 05:06 -------- d-----w- c:\program files\Microsoft Silverlight 2011-11-22 04:25 . 2009-07-14 02:38 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\fr-FR\LXKPTPRC.DLL.mui 2011-11-22 03:59 . 2011-11-22 03:59 -------- d-----w- c:\program files\Lexmark Z700-P700 Series 2011-11-21 06:04 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe 2011-11-21 05:52 . 2011-11-21 05:51 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C183062-BE20-4EC3-958B-8419700C98E1}\gapaengine.dll 2011-11-21 05:28 . 2011-11-21 05:29 -------- d-----w- c:\program files\Microsoft Security Client 2011-11-21 05:12 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-11-21 05:12 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll 2011-11-21 05:10 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers	cpip.sys 2011-11-21 05:09 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-11-21 05:09 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll 2011-11-21 05:03 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-11-21 05:03 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-11-21 05:03 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll 2011-11-21 05:01 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-11-21 05:01 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-11-21 05:01 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-11-21 04:56 . 2011-11-26 18:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-21 04:55 . 2011-10-18 09:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94306E9F-D96E-4A04-82AC-D622FB3E213D}\mpengine.dll 2011-11-21 04:55 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-11-21 04:53 . 2011-11-21 04:53 -------- d-----w- c:\windows\system32\Macromed 2011-11-21 04:45 . 2010-11-04 00:00 66572 ----a-w- c:\windows\system32\HerculesWiFiService.exe 2011-11-21 04:44 . 2011-11-26 19:56 -------- d-sh--w- c:\windows\Installer 2011-11-21 04:44 . 2011-11-21 04:44 -------- d-----w- c:\windows\Hercules WiFiN 2011-11-21 04:44 . 2011-11-21 04:44 -------- d-----w- c:\program files\Hercules 2011-11-21 04:44 . 2011-11-23 04:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2011-11-21 04:37 . 2011-11-24 23:18 -------- d-----w- c:\windows\system32\wbem\Performance 2011-11-21 04:33 . 2011-11-27 09:47 -------- d-----w- c:\users\Bryan 2011-11-21 04:29 . 2011-11-21 04:29 -------- d-----w- C:\Recovery 2011-11-21 04:14 . 2011-11-27 12:05 -------- d-----w- c:\windows\Panther 2011-11-21 04:08 . 2011-11-21 04:08 -------- d-----w- C:\Windows.old 2011-11-20 15:35 . 2011-11-20 15:35 -------- d-----w- C:\extensions 2011-11-20 14:27 . 2011-11-20 14:27 -------- d-----w- C:\NVIDIA . . . (((((((((((((((((((((((((((((((((( Find3M report )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 02:32 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-11-23 01:36 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((((((( Registry Run Points )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty items & legitimate initial items are not listed REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spyware Doctor"="c:\users\Bryan\Desktop\sdsetup_revwire207.exe" [2011-11-27 512992] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "LXBLKsk"="c:\progra~1\Lexmark\PHOTOC~1\LXBLKsk.exe" [2003-03-26 294912] "MemoryCardManager"="c:\program files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe" [2003-04-29 122880] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WiFi Station.lnk - c:\program files\Hercules\WiFiStation\WiFiN.exe [2011-11-20 130856] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560] . . --- Other Services/Drivers in memory --- . *NewlyCreated* - MPKSL07A38D3E . Contents of the 'Scheduled Tasks' folder . 2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1557570581-2628441880-798532411-1000Core.job - c:\users\Bryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 05:00] . 2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1557570581-2628441880-798532411-1000UA.job - c:\users\Bryan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 05:00] . . ------- Additional scan ------- . uStart Page = hxxp://www.google.fr/ IE: E&xporter to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . . --------------------- BLOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1557570581-2628441880-798532411-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1557570581-2628441880-798532411-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . End time: 2011-11-27 05:27:35 ComboFix-quarantined-files.txt 2011-11-27 13:27 ComboFix2.txt 2011-11-27 12:59 . Before-CF: 71 198 564 352 bytes free After-CF: 71 150 555 136 bytes free . - - End Of File - - 06F644C08187C553EE3EFB9795019473

bryanoulet · Answer

I don't know if it's the same as before.

bryanoulet · Answer

no, it's not the same as before.

juju666 · Answer

ok it's good :-)   disable your antivirus disable Windows defender if present disable your firewall  Download Pre_scan (from gen-hackman)  If the link does not work, use this one  &#9830 Save it on your desktop if it is not on your desktop, cut it from your downloads folder and paste it on your desktop  &#9654 Run Pre_scan. Warning: There will be a brief black screen while the tool works --> don't panic. If the tool gets stuck, use this version If the tool detects a proxy  and you haven't installed one  click on "remove the proxy"  &#9654 Once it has finished, a report will open.  &#9830 DO NOT POST IT ON THE FORUM (it is too long)  click on this link: http://www.cijoint.fr/  &#9654 Click on Browse and find the file Pre_Scan.txt located on your desktop (a copy is also at the root: C:\Pre_Scan.txt)  &#9654 Click on Open.  &#9654 Click on "Click here to upload the file".  A link of this form:  http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt  is added to the page.  &#9654 Copy this link in your response.   Pre_Scan tutorial: http://forums-fec.be/entraide/viewtopic.php?f=55&t=47 --  .::. Security Contributor .::.

bryanoulet · Answer

There isn't another site because I can't access cijointe.

bryanoulet · Answer

or else it will work if he joins.

bryanoulet · Answer

I have this link https://pjjoint.malekal.com/files.php?id=20111127_e13e7k13u12u5

bryanoulet · Answer

Here is the link I posted.

juju666 · Answer

We will perform a diagnosis of your PC:  &#9654 Download ZHPDiag  &#9654 Follow the installation instructions, check "Add an icon to the desktop" and "Run ZHPDiag"  &#9654 Click on the icon that looks like a green screwdriver and check everything, then click on the icon that looks like a magnifying glass (« Start the diagnosis »)  &#9654 During the scan, accept the installation of SigCheck  &#9654 Once the scan is at 100%, close ZHPDiag. Upload the ZHPDiag.txt report on your desktop.  Here’s how to proceed  &#9654 Go to pjjoint.malekal.com &#9654 Click on the Browse button &#9654 Select the file you want to upload and click Open &#9654 Click on the Send button &#9654 A confirmation message appears (The upload was successful! - The link to share with your contact to view the file is: https://pjjoint.malekal.com/files.php?id=df5ea299241015  &#9654 Copy the link in your next response.  Tutorial: http://forums-fec.be/entraide/viewtopic.php?f=55&t=13  See you soon. --  .::. Security Contributor .::.

bryanoulet · Answer

Here is the link https://pjjoint.malekal.com/files.php?id=ZHPDiag_20111202_d10g11x10m10r15

juju666 · Answer

Uninstall Spyware Doctor  ~~  &#9654 Copy all the text present in the code tag below (select it with your mouse / Right click on it and choose "copy" or press Ctrl+C)   R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} . (.No owner - IE Toolbar Helper Module.) (4, 2, 0, 7) -- C:\Program Files\BSP Toolbar	bhelper.dll => Infection BT (Adware.SocialSkinz) O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.No owner - IE Toolbar Engine.) -- C:\Program Files\BSP Toolbar	bcore3.dll => Infection BT (Adware.SocialSkinz) O3 - Toolbar: BSP Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} . (.No owner - IE Toolbar Engine.) -- C:\Program Files\BSP Toolbar	bcore3.dll => Infection BT (Adware.Softomate) [HKCU\Software\Nosibay] => Infection PUP (Adware.SPointer) [HKCU\Software\Somoto Toolbar] => Infection BT (Adware.MegaSearch) O43 - CFD: 11/24/2011 - 5:48:32 AM - [0] ----D- C:\Users\Bryan\AppData\Roaming\Nosibay => Infection PUP (Adware.SPointer) [HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}] => Infection BT (Adware.SocialSkinz) [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}] => Infection BT (Adware.Softomate) [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}] => Infection BT (Adware.Softomate) [HKLM\Software\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}] => Infection BT (Adware.Softomate) [HKLM\Software\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] => Infection BT (Hijacker.Seeearch) [HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] => Infection BT (Hijacker.Seeearch) [HKLM\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] => Infection BT (Adware. BullseyeToolbar) [HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] => Infection BT (Adware.SocialSkinz) [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] => Infection BT (Adware.SocialSkinz) [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] => Infection BT (Adware.SocialSkinz) [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] => Infection BT (Adware.SocialSkinz) [HKCU\Software\Nosibay] => Infection PUP (Adware.SPointer) [HKCU\Software\Somoto Toolbar] => Infection BT (Adware.MegaSearch) [HKCU\Software\Somoto Toolbar] => Infection BT (Adware.MegaSearch) [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{CA3EB689-8F09-4026-AA10-B9534C691CE0} => Infection BT (Adware.SocialSkinz) C:\Users\Bryan\AppData\Roaming\Nosibay => Infection PUP (Adware.SPointer) C:\Users\Bryan\AppData\LocalLow\Toolbar4 => Infection BT (Adware.SocialSkinz) O43 - CFD: 11/24/2011 - 11:56:40 PM - [0.609] ----D- C:\Program Files\Conduit => Toolbar.Conduit O43 - CFD: 11/27/2011 - 12:52:30 PM - [0] ----D- C:\Users\Bryan\AppData\Local\Conduit => Toolbar.Conduit O69 - SBI: SearchScopes [HKCU] {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} - (Search) - http://ww1.bigseekpro.com => Toolbar.Agent [HKLM\Software\Classes\AppID\TbCommonUtils.DLL] => Toolbar.Agent [HKLM\Software\Classes\AppID\TbHelper.EXE] => Toolbar.Agent [HKLM\Software\Classes\TbCommonUtils.CommonUtils] => Toolbar.Agent [HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] => Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbDownloadManager] => Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbDownloadManager.1] => Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbPropertyManager] => Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbPropertyManager.1] => Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbRequest] => Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbRequest.1] => Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbTask] => Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbTask.1] => Toolbar.Agent [HKLM\Software\Classes\TbHelper.ToolbarHelper] => Toolbar.Agent [HKLM\Software\Classes\TbHelper.ToolbarHelper.1] => Toolbar.Agent [HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] => Toolbar.Agent [HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] => Toolbar.Agent [HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] => Toolbar.Agent [HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] => Toolbar.Agent [HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] => Adware.Agent [HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook] => Adware.Agent [HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] => Adware.Agent [HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] => Toolbar.Agent [HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] => Toolbar.Agent [HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] => Toolbar.Conduit [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}] => Toolbar.Agent C:\Program Files\Conduit => Toolbar.Conduit C:\Users\Bryan\AppData\Local\Conduit => Toolbar.Conduit C:\Users\Bryan\AppData\LocalLow\Conduit => Toolbar.Conduit EMPTYTEMP EMPTYFLASH   &#9654 Then launch ZHPFix from the desktop shortcut.  &#9654 Once the ZHPFix tool is open, click the [ H ] button (“paste Helper lines”).  &#9654 In the main box, you will see the lines you copied previously appear.  &#9654 Make sure that all the lines I asked you to copy (and only those) are in the window.  &#9654 Click the “GO” button to start the cleaning  &#9654 Copy/Paste the report on the screen in your next message  Note: the report is also found in C:\ZHP under the name ZHPFix[Rx].txt (where X corresponds to the number of the ZHPFix run)  Tutorial: http://forums-fec.be/entraide/viewtopic.php?f=55&t=12 --  .::. Security Contributor .::.

bryanoulet · Answer

ZHPFix Report 1.12.3372 by Nicolas Coolman, Update of 11/22/2011 Registry Export File: Run by Bryan at 12/3/2011 10:33:44 AM Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601) Web site: http://www.premiumorange.com/zeb-help-process/zhpfix.html  ========== ========== MISSING Key: CLSID BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} DELETE Key: HKCU\Software\Nosibay MISSING Key: HKCU\Software\Somoto Toolbar DELETE Key: HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} DELETE Key: HKLM\Software\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} MISSING Key: HKLM\Software\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} MISSING Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E} MISSING Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E} MISSING Key: HKLM\Software\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E} DELETE Key: HKLM\Software\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} DELETE Key: HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} DELETE Key: HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} MISSING Key: HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} DELETE Key: HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} MISSING Key: HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} DELETE Key: HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} DELETE Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} DELETE Key: HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} MISSING Key: HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} MISSING Key: HKLM\Software\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} DELETE Key: HKLM\Software\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} DELETE Key: HKLM\Software\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} DELETE Key: HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} DELETE Key: HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} DELETE Key: HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} DELETE Key: HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} DELETE Key: HKLM\Software\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} DELETE Key: HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} MISSING Key: HKLM\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} DELETE Key: HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} DELETE Key: HKLM\Software\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} MISSING Key: HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} MISSING Key: HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E} MISSING Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} MISSING Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} MISSING Key: HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} MISSING Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} DELETE Key: SearchScopes :{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} DELETE Key: HKLM\Software\Classes\AppID\TbCommonUtils.DLL DELETE Key: HKLM\Software\Classes\AppID\TbHelper.EXE DELETE Key: HKLM\Software\Classes\TbCommonUtils.CommonUtils DELETE Key: HKLM\Software\Classes\TbCommonUtils.CommonUtils.1 DELETE Key: HKLM\Software\Classes\TbHelper.TbDownloadManager DELETE Key: HKLM\Software\Classes\TbHelper.TbDownloadManager.1 DELETE Key: HKLM\Software\Classes\TbHelper.TbPropertyManager DELETE Key: HKLM\Software\Classes\TbHelper.TbPropertyManager.1 DELETE Key: HKLM\Software\Classes\TbHelper.TbRequest DELETE Key: HKLM\Software\Classes\TbHelper.TbRequest.1 DELETE Key: HKLM\Software\Classes\TbHelper.TbTask DELETE Key: HKLM\Software\Classes\TbHelper.TbTask.1 DELETE Key: HKLM\Software\Classes\TbHelper.ToolbarHelper DELETE Key: HKLM\Software\Classes\TbHelper.ToolbarHelper.1 MISSING Key: HKLM\Software\Classes\Toolbar3.ContextMenuNotifier MISSING Key: HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1 MISSING Key: HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl MISSING Key: HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1 MISSING Key: HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook MISSING Key: HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1 MISSING Key: HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec} MISSING Key: HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} MISSING Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}  ========== ========== MISSING URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} MISSING Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} MISSING [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{CA3EB689-8F09-4026-AA10-B9534C691CE0}  ========== ========== DELETE Folder: C:\Users\Bryan\AppData\Roaming\Nosibay DELETE Folder: c:\users\bryan\appdata\locallow	oolbar4 DELETE Folder: C:\Program Files\Conduit DELETE Folder: C:\Users\Bryan\AppData\Local\Conduit DELETE Folder: c:\users\bryan\appdata\locallow\conduit  : 106  6  ========== ========== MISSING File: c:\program files\bsp toolbar	bhelper.dll MISSING File: c:\program files\bsp toolbar	bcore3.dll MISSING Folder/File: c:\users\bryan\appdataoaming
osibay MISSING Folder/File: c:\program files\conduit MISSING Folder/File: c:\users\bryan\appdata\local\conduit  : 78  1   ========== ========== 61 : 3 : 7 : 7 :   End of clean in 31mn AMs  ========== ========== C:\ZHP\ZHPFix[R1].txt - 12/3/2011 10:33:44 AM [6088]

bryanoulet · Answer

here it is

g3n-h@ckm@n · Answer

hello to proceed ::  drag an icon any file onto Pre_scan, pre_script will appear  Launch Pre_script, a blank page will open.  select all the bold text below, then (right-click/copy or ctrl+c): ___________________________________________________ Kill::  Registry:: [HKCU\Software\2a6fafaf]  file:: C:\Users\Bryan\Desktop\sdsetup_revwire207.exe C:\Users\Bryan\Downloads\cleaner8_web_setup.exe C:\Users\Bryan\Downloads\sdsetup_revwire207.exe  folder:: C:\Windows\$NtUninstallKB31295$  attrib::  clean::  Reboot::  ___________________________________________________  then paste it (right-click/paste or ctrl+V) into the blank page.  then file tab => save (not save as...) , then close the text  black windows may flicker, it's normal, it's the program working  Pre_Script.txt will appear on the desktop at the end of the work  if your desktop does not reappear => ctrl+alt+del, task manager => file tab => new task then type explorer -- ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_Development_¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_Scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

bryanoulet · Answer

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 1.0.2.118 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤  ¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤  Update: 25/11/2011 | 03:50 By g3n-h@ckm@n User: Bryan (Administrators) Computer: BRYAN-PC Operating System: Windows 7 Ultimate (32 bits) Internet Explorer: 9.0.8112.16421 Mozilla Firefox:  Possible switches:  processes:: | file:: | folder:: | Registry:: Driver:: | replace:: | DNS:: | Command:: attrib:: | txt:: | Host:: | NsLook:: list:: | IP:: | ADS:: | Kill:: | clean:: Reboot:: | MBR:: | Fixmbr::  Script: 11:16:17  ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤  Registry modification completed  ¤  Missing: C:\Users\Bryan\Desktop\sdsetup_revwire207.exe Missing: C:\Users\Bryan\Downloads\cleaner8_web_setup.exe Missing: C:\Users\Bryan\Downloads\sdsetup_revwire207.exe  ¤  Deleted: C:\Windows\$NtUninstallKB31295$  ¤  External drives: 1606 Reassigned items Local Disk: 12 Reassigned items Users: 1 Reassigned item ProgramFiles: 11 Reassigned items Music: 2 Reassigned items Pictures: 0 Reassigned items Videos: 0 Reassigned items Downloads: 0 Reassigned items Desktop: 0 Reassigned items Links: 0 Reassigned items Searches: 3 Reassigned items Contacts: 0 Reassigned items Saved Games: 0 Reassigned items Favorites: 0 Reassigned items Documents: 5 Reassigned items Windows: 112 Reassigned items StartMenu: 0 Reassigned items Libraries: 0 Reassigned items Quick Launch: 2 Reassigned items %AppData%: 5 Reassigned items  ¤   ¤¤¤¤¤¤¤¤¤¤ | Disk Cleanup  Disk cleanup completed  ¤   End: 11:20:32  ¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤

bryanoulet · Answer

here it is done

g3n-h@ckm@n · Answer

Do you confirm that the PC restarted at the end of the script? -- ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_Development_¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_Scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

juju666 · Answer

Hi, thanks Gen  Where are we with the issues? A little overview of the state of the PC please --  .::. Security Contributor .::.

juju666 · Answer

yep  Optimization/Maintenance/Prevention Procedure  &#9654 Download here: PureRa (from the JavaRa publisher)  &#9654 Run it (right-click "run as administrator" for Vista/7)  => Configuration in video (thanks gen-hackman)  &#9654 Click on "Clean"  &#9654 The tool will perform its scan and then its cleaning  &#9654 At the end of the report, you will have a line like this:  Total space cleaned: 8140878 bytes  &#9654 Just send this line, the rest doesn't matter  ------  &#9654 Download and install Ccleaner  &#9654 Double-click the file to launch the installation  /!\ Vista and Windows 7 users: Right-click on the Ccleaner logo, "run as administrator"  &#9654 &#9654 Once opened, click on options and then advanced &#9654 Uncheck "delete only temporary files in the Windows temp folder older than 24 hours" &#9654 &#9654 Click on cleaner &#9654 Click on Windows and in the advanced column &#9654 Check the first box "old prefetch data" &#9654 Click on analyze once the analysis is complete &#9654 Click on "run cleaner" and on the confirmation request "OK" &#9654 &#9654 Click now on registry and then on "find errors" &#9654 Leave everything checked and click on "repair selected errors" &#9654 It will ask you to save ==> YES &#9654 Give it a name to find it later and save &#9654 Click on "fix all selected errors" and on the confirmation request ==> OK &#9654 Make sure there are no errors left by clicking on "find errors" again &#9654 Go back to options and check the box "delete only temporary files in the Windows temp folder older than 24 hours" and in Windows cleaner, under advanced, uncheck the first box "old prefetch data" &#9654 You can close Ccleaner  ------  Run a disk error check: Open Computer/My Computer => right-click on C: => properties => tools => Error checking click on check now. Then check both boxes and click on start. Respond yes to the warning message and restart your system.  ------  Defragment your hard disks: Download Deffragler, and defragment your disks.  ------  &#9654 Disable, then re-enable system restore after disinfection:  It is necessary to disable and then re-enable system restore to purge it because restore points can be infected:  XP: http://forums-fec.be/entraide/viewtopic.php?f=56&t=54 Vista: http://forums-fec.be/entraide/viewtopic.php?f=56&t=53 Seven: http://forums-fec.be/entraide/viewtopic.php?f=56&t=52  ------  &#9654 Keep your software up to date, it's important, use this program: https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite Absolutely necessary.  &#9654 Same for Windows Updates:  It is very important to keep your OS up to date because it fills security holes through which malware ("viruses") can enter...  &#9654 Windows Update XP (only with Internet Explorer): http://update.microsoft.com/windowsupdate/v6/   &#9654 Windows Update Vista/Seven: click on the Windows logo, type "Windows Update" in the search box, click on the result.  -----  &#9654 Update Java: https://www.java.com/fr/download/uninstalltool.jsp  &#9654 When installing the new version, remember to uncheck the Ask toolbar!!!  &#9654 Uninstall old versions of Java:  &#9654 Download JavaRa.zip  &#9654 Unzip the file on your desktop (right-click > Extract all.)  &#9654 Double-click on the obtained JavaRa folder.  &#9654 Then double-click on the JavaRa.exe file (the .exe may not be displayed)  &#9654 Click on Remove Older Versions.  &#9654 Click Yes to confirm. The tool will work, then click on Ok, then a second time on Ok.  &#9654 A report will open, copy-paste it into your next response.  &#9654 Note: the report is also located there: (C:\JavaRa.log)  &#9654 You can close the application  &#9654 &#9654 Update Adobe software:  &#9654 Reader: https://get2.adobe.com/fr/reader/otherversions/  &#9654 Flash Player: https://get.adobe.com/flashplayer/?loc=fr  -----  If you use FireFox, check that your plugins are up to date: https://support.mozilla.org/en-US/kb/npapi-plugins  -----  &#9654 &#9654 to remove disinfection tools:  &#9654 Download and run Delfix on your desktop  &#9654 Click on the "Removal" button and post its report in your next message &#9654 &#9654 To uninstall, just relaunch it and click the uninstall button.  Tutorial: http://forums-fec.be/entraide/viewtopic.php?f=55&t=14 ------  You can keep Malwarebytes for occasional scans  -----  Antivirus software doesn't do everything regarding the security of your machine (updating software, etc.) The best protection is to know about infections to avoid them and develop good habits. So you need to educate yourself.  You can read this topic on recommended software, and responsible behaviors on the web And this one, on free software to avoid  If you use Avast! or AVG - set it to detect PUPs - see: https://www.malekal.com/adwares-pup-protection/  A little reading to avoid infections: - know and avoid infections: https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf - secure your PC: http://forum.malekal.com/comment-securiser-son-ordinateur.html - read: http://www.commentcamarche.net/faq/27128-malwares-quels-enjeux-version-synthese  What you should not do: I download anything - I get infected - avoid programs through advertisements or on commercial links from search engines - they are scams:: The PUPs/PUPs: https://www.malekal.com/adwares-pup-protection/ Example of what not to do: https://forums.commentcamarche.net/forum/affich-19719198-onglets-pub-intempestifs#14 https://forums.commentcamarche.net/forum/affich-18347759-le-nouveau-avast-sonne-trop-souvent#9 I download from anywhere - I get infected: https://forums.commentcamarche.net/forum/affich-19916973-clickpotato-vlc-virus#6 Security recommendations: https://forums.commentcamarche.net/forum/affich-18680013-windows-7-et-antispyware#1  Functioning of some categories of malware: https://forums.commentcamarche.net/forum/affich-17725521-virus-programme-troyen https://forums.commentcamarche.net/forum/affich-17746390-concernant-la-propagation-des-virus ------  &#9654 &#9654 Don't forget to mark the thread as resolved  ------  If you have any other questions, Feel free to ask. We can part ways if the DelFix report is okay...  @+ --  .::. Security Contributor .::.

bryanoulet · Answer

I will forward it here, the line.

bryanoulet · Answer

Espace total nettoyé : 4200840 octets

juju666 · Answer

ok --  .::. Security Contributor .::.

bryanoulet · Answer

Here, I have updated all my software.

bryanoulet · Answer

Should I uninstall the software that I had installed, ComboFix, PreScan?

bryanoulet · Answer

Do I need to uninstall ComboFix, prescan?

juju666 · Answer

Well, read my tutorial; you have the answer... It happens automatically with Delfix! --  .::. Security Contributor .::.

bryanoulet · Answer

# DelFix v8.7 - Report created on 12/04/2011 at 16:35:59 # Updated on 12/01/11 at 20:00 by Xplode # Operating System: Windows 7 Ultimate Service Pack 1 (32 bits) # Username: Bryan - BRYAN-PC (Administrator) # Executed from: C:\Users\Bryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAY56J3H\delfix.exe # Option [Removal]   ~~~~~~ Folder(s) ~~~~~~  Deleted: C:\Qoobox Deleted: C:\Kill'em Deleted: C:\ZHP Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP Deleted: C:\Program Files\ZHPDiag  ~~~~~~ File(s) ~~~~~~  Deleted: C:\Users\Bryan\Desktop\bryan.exe <-- Combofix Deleted: C:\ComboFix.txt Deleted: C:\PhysicalDisk0_MBR.bin Deleted: C:\Users\Bryan\Desktop\Pre_scan.exe Deleted: C:\Users\Bryan\Desktop\Pre_Script.exe Deleted: C:\Users\Bryan\Desktop\Pre_script.txt Deleted: C:\Users\Bryan\Desktop\ZHPFix.exe Deleted: C:\Users\Bryan\Desktop\ZHPFixReport.txt Deleted: C:\Users\Public\Desktop\ZHPDiag.lnk Deleted: C:\Windows\grep.exe Deleted: C:\Windows\PEV.exe Deleted: C:\Windows\NIRCMD.exe Deleted: C:\Windows\MBR.exe Deleted: C:\Windows\SED.exe Deleted: C:\Windows\SWREG.exe Deleted: C:\Windows\SWSC.exe Deleted: C:\Windows\SWXCACLS.exe Deleted: C:\Windows\Zip.exe  ~~~~~~ Registry ~~~~~~  Key Deleted: HKCU\Software\g3n-h@ckm@n Key Deleted: HKLM\SOFTWARE\Swearware Key Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1 Key Deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe  ~~~~~~ Others ~~~~~~  -> Prefetch Empty  *************************  DelFix[S1].txt - [1676 bytes] - [12/04/2011 16:35:59]  ########## EOF - C:\DelFix[S1].txt - [1800 bytes] ##########

juju666 · Answer

caution and good surfing. --  .::. Security Contributor .::.

bryanoulet · Answer

Thank you very much.

g3n-h@ckm@n · Answer

Good evening, if you speak French, we understand you better! -- ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

How to remove my trojan virus:win32/si...

44 réponses

How to get the character µ on the android keyboard.

Texture issues in enshrouded

Access issue to my "contact me" profile

Windows spotlight is not working.

My tv turns off and then on again repeatedly?

Executable from a python file

Pay in 4 installments cdiscount

The alt gr key is not working on my keyboard.

Code 80072efe how to get windows update working again

Video in ".3gp" format