Inactive Black screen after Win 7 desktop load up

Swerner

Hi there, I've had the same problem as this guy: https://www.techspot.com/community/topics/black-screen-after-desktop-loads.146290/reply

I followed the instructions given, but now instead of having a black screen after 10 seconds of Desktop loading up, I get vertical blue and white lines all across my screen.

Combofix said I had avast running, but I couldn't find the program running anywhere; it was gone from my processes as well.

Do you need any of the logs I've taken with the programs mentioned in the thread?

If it's easier to reinstall Windows at this point, please let me know.

Thank you,

-Werner

Edit: well, I just now read the sticky above that says not to try suggestions given to other people. Unfortunately, the thread I copy/pasted was given to me through a Google search while trying to solve this problem, thus I did not see the stickied warning thread before reading the instructions... Apologies.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================================================

I used RegcurePro
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


==========================================================================

Did you try to boot to safe mode?
 
Everything I do, including typing on this forum, is done through safe mode with network. If I try to boot normally, my screen goes black after a few seconds. I opened my task manager to see which processes loaded up that I couldn't recognize. This may just be coincidence, but it seems at some point that a process shows up in the list but right away my screen goes black and I don't have time to read. I wonder if it is this process that triggers the black screen, or if it's purely coincidental.
 
Gmer gave no Log


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.20.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Steve :: STEVE-PC [administrator]

2012-05-20 13:22:33
mbam-log-2012-05-20 (13-22-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401181
Time elapsed: 37 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Steve\Downloads\setup.exe (Rogue.Installer.SFXGen1) -> Quarantined and deleted successfully.

(end)



.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Steve at 14:45:19 on 2012-05-20
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.2.1036.18.8175.7333 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: Interfaces\{75064987-6D9D-4139-A556-F5FB759E841C} : DhcpNameServer = 192.168.1.1 24.48.19.13 24.202.72.13
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{326E768D-4182-46FD-9C16-1449A49795F4}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRunOnce-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\gtun55fu.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-29 44768]
S2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2012-2-23 68136]
S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-23 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-23 654408]
S2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2012-2-23 114688]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-2-23 25640]
S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-23 136176]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-2-23 30528]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-20 18:35:27 -------- d-----w- C:\Users\Steve\AppData\Local\ElevatedDiagnostics
2012-05-20 17:16:41 -------- d-----w- C:\Users\Steve\AppData\Local\Temp
2012-05-20 16:57:04 -------- d-----w- C:\Users\Steve\AppData\Roaming\ParetoLogic
2012-05-20 16:57:04 -------- d-----w- C:\Users\Steve\AppData\Roaming\DriverCure
2012-05-20 16:57:02 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2012-05-20 16:57:01 -------- d-----w- C:\ProgramData\ParetoLogic
2012-05-20 16:57:01 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2012-05-20 16:20:50 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-18 17:53:15 -------- d-----w- C:\Users\Steve\AppData\Local\Chromium
2012-05-18 16:29:06 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{86B4077A-F743-477F-B1D6-064CB4ED5208}\mpengine.dll
2012-05-16 03:16:38 -------- d-----w- C:\ProgramData\AMD
2012-05-16 03:16:37 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-05-16 03:16:34 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-05-16 03:16:30 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-05-16 03:12:55 -------- d-----w- C:\AMD
2012-05-16 00:54:00 -------- d-----w- C:\Users\Steve\AppData\Local\Funcom
2012-05-16 00:50:21 -------- d-----w- C:\ProgramData\media center programs
2012-05-16 00:50:20 -------- d-----w- C:\Program Files (x86)\Funcom
2012-05-13 21:00:12 -------- d-----w- C:\Users\Steve\AppData\Local\SniperV2
2012-05-13 00:44:09 -------- d-----w- C:\Users\Steve\.swt
2012-05-13 00:44:07 -------- d-----w- C:\Users\Steve\AppData\Roaming\Azureus
2012-05-13 00:43:37 -------- d-----w- C:\Program Files (x86)\Vuze
2012-05-10 19:13:11 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 19:13:10 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 19:13:05 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 19:13:05 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 19:13:03 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 19:13:03 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 19:12:47 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 19:12:28 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 19:12:20 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 19:12:20 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 19:12:20 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 19:12:19 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 19:12:19 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-08 20:07:06 -------- d-----w- C:\Users\Steve\AppData\Roaming\NationRed
2012-05-08 20:06:53 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-04-29 20:31:59 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-29 20:31:02 -------- d-----w- C:\Users\Steve\AppData\Local\PunkBuster
2012-04-21 18:48:31 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-04-21 18:48:31 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-04-21 18:48:31 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-04-21 18:48:31 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-04-21 18:48:31 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-04-21 18:48:31 -------- d-----w- C:\Program Files (x86)\Grinding Gear Games
2012-04-21 03:48:17 1313792 ----a-w- C:\Windows\System32\ac3filter64.acm
2012-04-21 03:48:17 1075200 ----a-w- C:\Windows\SysWow64\ac3filter.acm
2012-04-21 03:48:16 -------- d-----w- C:\Program Files (x86)\AC3Filter
2012-04-20 20:38:09 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-04-20 19:22:36 -------- d-----w- C:\Program Files (x86)\Diablo III Beta
2012-04-20 19:22:36 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-04-20 19:21:47 -------- d-----w- C:\ProgramData\Battle.net
.
==================== Find3M ====================
.
2012-05-20 18:40:11 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-05-20 18:40:03 25640 ----a-w- C:\Windows\gdrv.sys
2012-05-04 03:05:40 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-03 01:40:51 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-01 01:53:35 25640 ----a-w- C:\Windows\etdrv.sys
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-06 02:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-06 02:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-06 02:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-06 02:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-06 02:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-06 02:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-06 02:32:08 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-04-06 02:32:04 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-09 18:07:04 29184 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-03-09 18:06:14 24576 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-01 19:07:41 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-29 21:45:41 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-25 19:45:09 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-02-25 19:45:08 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-25 13:54:25 1 ----a-w- C:\Windows\SysWow64\SI.bin
2012-02-24 04:46:25 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 17:54:28 0 ----a-w- C:\Windows\ativpsrm.bin
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-23 12:32:04 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
.
============= FINISH: 14:45:44,20 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Édition Familiale Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2012-02-23 11:38:51
System Uptime: 2012-05-20 14:42:05 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P67A-UD3-B3
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | Socket 1155 | 3292/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 774,366 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Network Shield Support
Device ID: ROOT\LEGACY_ASWTDI\0000
Manufacturer:
Name: avast! Network Shield Support
PNP Device ID: ROOT\LEGACY_ASWTDI\0000
Service: aswTdi
.
==== System Restore Points ===================
.
RP62: 2012-05-08 16:05:31 - DirectX est installé
RP63: 2012-05-10 15:08:04 - Windows Update
RP64: 2012-05-10 23:07:18 - Windows Update
RP65: 2012-05-12 20:48:31 - DirectX est installé
RP66: 2012-05-15 15:36:17 - Windows Update
RP67: 2012-05-15 23:19:58 - Installed Application Profiles
.
==== Installed Programs ======================
.
@BIOS
AC3Filter 2.1a
Adobe AIR
Adobe Reader X (10.1.2)
Apple Application Support
Apple Software Update
Application Profiles
Assassin's Creed Revelations
AutoGreen B10.1021.1
avast! Free Antivirus
Call of Duty 4: Modern Warfare
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Coby Media Manager
Crusader Kings II
Dead Island
DES 2.0
Diablo III Beta
DivX Setup
Dropbox
Easy Tune 6 B10.1024.1
Fallen Earth
Free Internet Window Washer
GamersFirst LIVE!
Google Chrome
Google Update Helper
Heroes of Might and Magic V - Tribes of the East
HydraVision
Intel(R) Control Center
Intel(R) Management Engine Components
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Men of War: Assault Squad
Microsoft Office Access MUI (French) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Might & Magic Heroes VI
Mount & Blade: Warband
Mozilla Firefox 10.0.2 (x86 en-US)
Mumble 1.2.3
Nation Red
Network Magic
NVIDIA PhysX
ON_OFF Charge B10.0427.1
OpenAL
Pando Media Booster
Path of Exile
PunkBuster Services
Pure Networks Platform
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RegCure Pro
Renesas Electronics USB 3.0 Host Controller Driver
Smart 6 B10.1023.1
Sniper Elite V2
Steam
TeamSpeak 3 Client
The Secret World
Trine 2
Ubisoft Game Launcher
Unity Web Player
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Vuze
World of Battles
.
==== End Of File ===========================
 
Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

===========================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-20 15:31:38
-----------------------------
15:31:38.114 OS Version: Windows x64 6.1.7601 Service Pack 1
15:31:38.114 Number of processors: 4 586 0x2A07
15:31:38.114 ComputerName: STEVE-PC UserName: Steve
15:31:39.182 Initialize success
15:31:40.101 AVAST engine defs: 12051901
15:31:56.757 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:31:56.758 Disk 0 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 11
15:31:56.773 Disk 0 MBR read successfully
15:31:56.774 Disk 0 MBR scan
15:31:57.144 Disk 0 Windows 7 default MBR code
15:31:57.149 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:31:57.334 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
15:31:57.499 Disk 0 scanning C:\Windows\system32\drivers
15:32:07.583 Service scanning
15:32:19.966 Modules scanning
15:32:19.970 Disk 0 trace - called modules:
15:32:19.983 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:32:19.986 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80076f8060]
15:32:19.988 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80074c7090]
15:32:19.991 5 ACPI.sys[fffff88000f4f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80074d3060]
15:32:20.937 AVAST engine scan C:\Windows
15:32:22.960 AVAST engine scan C:\Windows\system32
15:33:42.470 AVAST engine scan C:\Windows\system32\drivers
15:33:49.259 AVAST engine scan C:\Users\Steve
15:35:57.924 AVAST engine scan C:\ProgramData
15:36:07.166 Scan finished successfully
15:43:03.316 Disk 0 MBR has been saved successfully to "C:\Users\Steve\Desktop\MBR.dat"
15:43:03.319 The log file has been saved successfully to "C:\Users\Steve\Desktop\aswMBR.txt"
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Sorry, my OS is in French; here is the combofix log, thank you.

ComboFix 12-05-20.09 - Steve 2012-05-20 17:02:34.2.4 - x64 NETWORK
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.2.1036.18.8175.6968 [GMT -4:00]
Lancé depuis: c:\users\Steve\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-04-20 au 2012-05-20 ))))))))))))))))))))))))))))))))))))
.
.
2012-05-20 21:07 . 2012-05-20 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-20 18:35 . 2012-05-20 18:36 -------- d-----w- c:\users\Steve\AppData\Local\ElevatedDiagnostics
2012-05-20 17:16 . 2012-05-20 21:10 -------- d-----w- c:\users\Steve\AppData\Local\Temp
2012-05-20 16:57 . 2012-05-20 16:57 -------- d-----w- c:\users\Steve\AppData\Roaming\ParetoLogic
2012-05-20 16:57 . 2012-05-20 16:57 -------- d-----w- c:\users\Steve\AppData\Roaming\DriverCure
2012-05-20 16:57 . 2012-05-20 16:57 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-05-20 16:57 . 2012-05-20 16:57 -------- d-----w- c:\programdata\ParetoLogic
2012-05-20 16:57 . 2012-05-20 16:57 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-05-18 17:53 . 2012-05-18 17:53 -------- d-----w- c:\users\Steve\AppData\Local\Chromium
2012-05-18 16:29 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86B4077A-F743-477F-B1D6-064CB4ED5208}\mpengine.dll
2012-05-16 03:16 . 2012-05-16 03:16 -------- d-----w- c:\programdata\ATI
2012-05-16 03:16 . 2012-05-16 03:16 -------- d-----w- c:\programdata\AMD
2012-05-16 03:16 . 2012-05-16 03:16 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-16 03:16 . 2012-05-16 03:16 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-16 03:16 . 2012-05-16 03:16 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-05-16 03:12 . 2012-05-16 03:19 -------- d-----w- C:\AMD
2012-05-16 00:54 . 2012-05-16 00:54 -------- d-----w- c:\users\Steve\AppData\Local\Funcom
2012-05-16 00:50 . 2012-05-16 00:50 -------- d-----w- c:\programdata\media center programs
2012-05-16 00:50 . 2012-05-16 00:50 -------- d-----w- c:\program files (x86)\Funcom
2012-05-13 21:00 . 2012-05-13 21:04 -------- d-----w- c:\users\Steve\AppData\Local\SniperV2
2012-05-13 00:44 . 2012-05-13 00:44 -------- d-----w- c:\users\Steve\.swt
2012-05-13 00:44 . 2012-05-20 17:15 -------- d-----w- c:\users\Steve\AppData\Roaming\Azureus
2012-05-13 00:43 . 2012-05-13 00:43 -------- d-----w- c:\program files (x86)\Vuze
2012-05-10 19:13 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 19:13 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 19:13 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 19:13 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 19:13 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 19:13 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 19:12 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 19:12 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 19:12 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 19:12 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 19:12 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 19:12 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 19:12 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 20:07 . 2012-05-08 21:14 -------- d-----w- c:\users\Steve\AppData\Roaming\NationRed
2012-05-08 20:06 . 2012-05-08 20:06 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-04-29 20:31 . 2012-05-04 03:05 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-29 20:31 . 2012-04-29 20:31 -------- d-----w- c:\users\Steve\AppData\Local\PunkBuster
2012-04-21 18:48 . 2012-04-21 18:48 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-21 18:48 . 2012-04-21 18:48 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-21 18:48 . 2012-04-21 18:48 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-21 18:48 . 2012-04-21 18:48 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-04-21 18:48 . 2012-04-21 18:48 -------- d-----w- c:\program files (x86)\OpenAL
2012-04-21 18:48 . 2012-04-21 18:48 -------- d-----w- c:\program files (x86)\Grinding Gear Games
2012-04-21 03:48 . 2012-04-11 00:37 1313792 ----a-w- c:\windows\system32\ac3filter64.acm
2012-04-21 03:48 . 2012-04-11 00:31 1075200 ----a-w- c:\windows\SysWow64\ac3filter.acm
2012-04-21 03:48 . 2012-04-21 03:48 -------- d-----w- c:\program files (x86)\AC3Filter
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-20 21:10 . 2012-02-23 17:21 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-05-20 21:10 . 2012-02-23 17:05 25640 ----a-w- c:\windows\gdrv.sys
2012-05-04 03:05 . 2012-03-01 19:07 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-03 01:40 . 2012-03-01 19:07 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-01 01:53 . 2012-02-23 17:21 25640 ----a-w- c:\windows\etdrv.sys
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:32 . 2012-04-06 02:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 02:32 . 2012-04-06 02:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-03-03 04:15 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2012-02-23 17:50 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-03-03 03:57 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-03-03 03:06 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-04 19:56 . 2012-02-23 17:35 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 03:33 . 2012-03-29 03:33 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-29 03:33 . 2012-03-29 03:33 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-29 03:33 . 2012-03-29 03:33 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-29 03:33 . 2012-03-29 03:33 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-29 03:33 . 2012-03-29 03:33 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-29 03:33 . 2012-03-29 03:33 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-29 03:33 . 2012-03-29 03:33 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-29 03:33 . 2012-03-29 03:33 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-29 03:33 . 2012-03-29 03:33 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-29 03:33 . 2012-03-29 03:33 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-29 03:33 . 2012-03-29 03:33 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-29 03:33 . 2012-03-29 03:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-29 03:33 . 2012-03-29 03:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-29 03:33 . 2012-03-29 03:33 448512 ----a-w- c:\windows\system32\html.iec
2012-03-29 03:33 . 2012-03-29 03:33 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-29 03:33 . 2012-03-29 03:33 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-29 03:33 . 2012-03-29 03:33 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-29 03:33 . 2012-03-29 03:33 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-29 03:33 . 2012-03-29 03:33 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-29 03:33 . 2012-03-29 03:33 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-29 03:33 . 2012-03-29 03:33 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-29 03:33 . 2012-03-29 03:33 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-29 03:33 . 2012-03-29 03:33 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-29 03:33 . 2012-03-29 03:33 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-29 03:33 . 2012-03-29 03:33 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-29 03:33 . 2012-03-29 03:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-29 03:33 . 2012-03-29 03:33 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-29 03:33 . 2012-03-29 03:33 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-29 03:33 . 2012-03-29 03:33 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-29 03:33 . 2012-03-29 03:33 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-29 03:33 . 2012-03-29 03:33 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-29 03:33 . 2012-03-29 03:33 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-29 03:33 . 2012-03-29 03:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-29 03:33 . 2012-03-29 03:33 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-09 18:07 . 2012-03-09 18:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 18:06 . 2012-03-09 18:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-06 23:15 . 2012-02-23 17:32 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-02-23 17:32 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2012-03-29 14:20 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-03-29 14:20 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-05-01 25640]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-05-20 30528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 17:34]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 17:34]
.
2012-05-20 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-20 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-11-25 02:25]
.
2012-05-20 c:\windows\Tasks\RegCure Pro.job
- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2011-12-21 00:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\gtun55fu.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\05\00\0d\00+1Û"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\GIGABYTE\ET6\GUI.exe
.
**************************************************************************
.
Heure de fin: 2012-05-20 17:13:23 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-05-20 21:13
ComboFix2.txt 2012-05-20 16:23
.
Avant-CF: 836 405 686 272 octets libres
Après-CF: 836 243 324 928 octets libres
.
- - End Of File - - 49D42F857AF7122F1D59F8C60A8084C0
 
We're not dealing with any infection here.

I suggest you start a new topic in the Windows forum.

My guess would be an overheating/video driver/video card problem, but it'd be a subject for a different forum.
 