Everything posted by BatTheFat

  1. I tried to do your ESET scan, but it's incredibly slow. I have no problem and I no longer need your help. Thanks for your help. BatTheFat
  2. As promised... : MBAM logfile: Hijackthis logfile:
  3. Hi, Sorry again for answering so late. I uninstalled uTorrent and I updated Java to 7 v11 (I heard about a big security problem with 7v10). I have used CCleaner for a long time; I use it daily and update it as soon as a new version appears (currently v3.27.xxx). Same thing with the MBAM free version, which I update myself 3 or 4 times per week. So I'll send you what you asked for in the next few hours. BatTheFat PS: sorry for my bad English
  4. Hi, My computer runs fine. Here is the ComboFix log:
2012-12-17 23:45 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-12-17 23:45 . 2012-12-17 23:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-12-17 23:45 . 2012-12-17 23:45 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-12-17 23:45 . 2012-12-17 23:45 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-12-17 23:45 . 2012-12-17 23:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-12-17 23:45 . 2012-12-17 23:45 160256 ----a-w- c:\windows\system32\wextract.exe 2012-12-17 23:45 . 2012-12-17 23:45 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-12-17 23:45 . 2012-12-17 23:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-12-17 23:45 . 2012-12-17 23:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-12-17 23:45 . 2012-12-17 23:45 149504 ----a-w- c:\windows\system32\occache.dll 2012-12-17 23:45 . 2012-12-17 23:45 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-12-17 23:45 . 2012-12-17 23:45 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-12-17 23:45 . 2012-12-17 23:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-12-17 23:45 . 2012-12-17 23:45 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-12-17 23:45 . 2012-12-17 23:45 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-12-17 23:45 . 2012-12-17 23:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-12-17 23:45 . 2012-12-17 23:45 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-12-17 23:45 . 2012-12-17 23:45 12288 ----a-w- c:\windows\system32\mshta.exe 2012-12-17 23:45 . 2012-12-17 23:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-12-17 23:45 . 2012-12-17 23:45 114176 ----a-w- c:\windows\system32\admparse.dll 2012-12-17 23:45 . 2012-12-17 23:45 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-12-17 23:45 . 2012-12-17 23:45 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-12-17 23:45 . 2012-12-17 23:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-12-17 23:45 . 
2012-12-17 23:45 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-12-17 23:45 . 2012-12-17 23:45 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-12-17 23:45 . 2012-12-17 23:45 103936 ----a-w- c:\windows\system32\inseng.dll 2012-12-17 23:45 . 2012-12-17 23:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-12-17 22:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-12-17 22:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-12-14 15:49 . 2012-12-18 23:03 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-03 15:47 . 2012-12-19 00:08 9271352 ----a-w- c:\windows\system32\nvcuda.dll 2012-12-03 15:47 . 2012-12-19 00:08 7819016 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-12-03 15:47 . 2012-12-19 00:08 7446192 ----a-w- c:\windows\system32\nvopencl.dll 2012-12-03 15:47 . 2012-12-19 00:08 6149904 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-12-03 15:47 . 2012-12-19 00:08 2784104 ----a-w- c:\windows\system32\nvcuvid.dll 2012-12-03 15:47 . 2012-12-19 00:08 26811240 ----a-w- c:\windows\system32\nvoglv64.dll 2012-12-03 15:47 . 2012-12-19 00:08 2606440 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-12-03 15:47 . 2012-12-19 00:08 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-12-03 15:47 . 2012-12-19 00:08 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-12-03 15:47 . 2012-12-19 00:08 2226024 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-12-03 15:47 . 2012-12-19 00:08 20335976 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-12-03 15:47 . 2012-12-19 00:08 1874280 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-12-03 15:47 . 2012-12-19 00:08 1805672 ----a-w- c:\windows\system32\nvdispco64.dll 2012-12-03 15:47 . 2012-12-19 00:08 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-12-03 15:47 . 2012-12-19 00:08 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-12-03 15:47 . 2012-12-19 00:08 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-12-03 15:47 . 
2012-12-19 00:08 11532648 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-12-03 15:47 . 2011-06-14 01:40 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-12-03 15:47 . 2011-06-14 01:40 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-12-03 15:47 . 2011-06-14 01:40 18045968 ----a-w- c:\windows\system32\nvd3dumx.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-12-19 44280] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-12-18 642816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016] R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-01-06 1038088] R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2012-10-28 427976] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 178824] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-18 1255736] S0 AppleHFS;AppleHFS; [x] S0 AppleMNT;AppleMNT; [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-06-29 224640] S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2011-06-29 111488] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-06-29 17752] S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2011-06-29 22872] S2 
SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S3 acpials;Filtre du capteur de lumière ambiante;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728] S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-03-25 18944] S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-03-25 12288] S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-03-25 38912] S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [2011-06-13 18432] S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2011-03-25 18432] S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-05-26 32256] . . Contenu du dossier 'Tâches planifiées' . 2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 19:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-06-29 741760] . ------- Examen supplémentaire ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Ajouter au fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir au format PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convertir la cible du lien en un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.254 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL FF - ProfilePath - c:\users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\ FF - prefs.js: browser.startup.homepage - about:home FF - ExtSQL: 2012-12-18 00:17; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . 
- - - - ORPHELINS SUPPRIMES - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Heure de fin: 2013-01-21 19:32:55 ComboFix-quarantined-files.txt 2013-01-21 18:32 . Avant-CF: 124 330 344 448 octets libres Après-CF: 124 029 227 008 octets libres . - - End Of File - - 4F99DECF5099C76B973A8F4883E6F082
  5. Sorry Gringo, I'll run CFScript as you described in your 13 January post, tonight or tomorrow.
  6. Hi, here's the log from Combofix: ComboFix 13-01-13.01 - Bat The Fat 13/01/2013 16:25:17.1.4 - x64 Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.8118.6673 [GMT 1:00] Lancé depuis: c:\users\Bat The Fat\Desktop\DÚsinfection whitesmoke\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\xp-AntiSpy c:\program files (x86)\xp-AntiSpy\Uninstall.exe c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-12-13 au 2013-01-13 )))))))))))))))))))))))))))))))))))) . . 2013-01-13 15:29 . 2013-01-13 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-11 12:14 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCD7EB31-4081-4157-BADA-935CA0999A87}\mpengine.dll 2013-01-09 21:33 . 2012-09-27 11:00 264192 ----a-w- c:\windows\system32\tmffbcpl.dll 2013-01-09 21:33 . 2012-09-27 10:57 41472 ----a-w- c:\windows\system32\tmffbdrv.dll 2013-01-09 21:33 . 2007-04-05 14:37 208304 ----a-w- c:\windows\system32\isrt.dll 2013-01-09 21:33 . 2006-05-16 14:08 99328 ----a-w- c:\windows\system32\_IsRes.dll 2013-01-09 21:32 . 2013-01-09 21:32 -------- d-----w- c:\program files (x86)\Thrustmaster 2013-01-09 21:32 . 2012-09-27 10:59 238592 ----a-w- c:\windows\SysWow64\tmffbcpl.dll 2013-01-09 21:32 . 2012-09-27 10:57 35840 ----a-w- c:\windows\SysWow64\tmffbdrv.dll 2013-01-09 20:58 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 20:58 . 
2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 20:58 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll 2013-01-09 20:58 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-09 20:58 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 20:58 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 20:58 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 20:58 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 20:58 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 20:58 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-07 22:49 . 2013-01-07 22:49 -------- d-----w- c:\programdata\Ubisoft 2013-01-07 22:42 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll 2013-01-07 22:42 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll 2013-01-07 22:42 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll 2013-01-07 22:42 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll 2013-01-07 22:42 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll 2013-01-07 22:42 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll 2013-01-07 22:36 . 2013-01-07 22:43 -------- d-----w- c:\program files (x86)\Ubisoft 2013-01-06 21:30 . 2013-01-06 21:30 -------- d-----w- c:\program files (x86)\FileZilla FTP Client 2013-01-06 21:18 . 2013-01-06 22:39 -------- d-----w- c:\programdata\FLEXnet 2013-01-06 21:14 . 2013-01-06 21:14 -------- d-----w- c:\program files\Adobe 2013-01-06 21:12 . 2013-01-06 21:12 -------- d-----w- c:\programdata\ALM 2013-01-06 21:09 . 2008-04-07 04:38 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll 2013-01-06 21:04 . 2013-01-06 21:04 -------- d-----w- c:\windows\SysWow64\spool 2013-01-06 21:04 . 
2013-01-06 21:04 -------- d-----w- c:\program files (x86)\Adobe Media Player 2013-01-06 21:03 . 2013-01-06 21:03 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2013-01-06 21:02 . 2013-01-06 21:14 -------- d-----w- c:\program files\Common Files\Adobe 2013-01-06 21:02 . 2013-01-06 21:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2013-01-06 21:00 . 2013-01-06 21:00 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared 2013-01-02 21:57 . 2013-01-02 21:57 -------- d-----w- c:\programdata\Steinberg 2013-01-02 21:55 . 2013-01-02 21:55 -------- d-----w- c:\program files\Steinberg 2013-01-02 21:53 . 2009-12-19 10:18 2395648 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL 2013-01-02 21:53 . 2007-08-24 12:24 16138240 ----a-w- C:\HALionOne.dll 2013-01-02 21:53 . 2013-01-02 21:53 -------- d-----w- c:\program files (x86)\Common Files\VST3 2013-01-02 21:44 . 2013-01-02 21:44 -------- d-----w- c:\program files (x86)\Steinberg 2013-01-02 20:33 . 2013-01-02 20:33 -------- d-----w- c:\program files\Common Files\DESIGNER 2013-01-02 20:33 . 2013-01-02 20:33 -------- d-----w- c:\program files\Microsoft.NET 2013-01-02 20:33 . 2013-01-02 20:33 -------- d-----w- c:\program files (x86)\Microsoft SQL Server 2013-01-02 20:33 . 2013-01-02 20:33 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft 2013-01-02 20:32 . 2013-01-02 20:33 -------- d-----w- c:\program files\Microsoft SQL Server 2013-01-02 20:32 . 2013-01-02 20:32 -------- d-----w- c:\windows\PCHEALTH 2013-01-02 20:30 . 2013-01-02 20:30 -------- d-----w- c:\program files\Microsoft Analysis Services 2013-01-02 20:30 . 2013-01-02 20:30 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2013-01-02 20:29 . 2013-01-02 20:32 -------- d-----w- c:\program files\Microsoft Office 2013-01-02 20:29 . 2013-01-02 20:53 -------- d-----w- c:\programdata\Microsoft Help 2013-01-02 20:28 . 2013-01-02 20:28 -------- d-----r- C:\MSOCache 2012-12-26 15:02 . 
2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-26 15:02 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-26 15:02 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-26 15:02 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-19 20:58 . 2013-01-02 23:17 -------- d---a-w- C:\.Trashes 2012-12-19 10:39 . 2012-12-19 10:40 -------- d-----w- C:\PAS TOUCHE 2012-12-19 10:33 . 2012-12-19 10:33 -------- d-----w- c:\programdata\Media Center Programs 2012-12-19 10:27 . 2012-12-19 10:27 -------- d-----w- c:\program files (x86)\Eidos 2012-12-19 07:27 . 2012-12-19 07:27 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-12-19 00:29 . 2012-12-19 00:29 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-12-19 00:28 . 2012-12-19 00:28 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-19 00:28 . 2012-12-19 00:28 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-19 00:28 . 2012-12-19 00:28 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-19 00:28 . 2012-12-19 00:28 -------- d-----w- c:\program files (x86)\Java 2012-12-19 00:21 . 2012-12-19 00:21 -------- d-----w- c:\program files (x86)\TeamViewer 2012-12-19 00:11 . 2012-12-19 00:11 -------- d-----w- c:\users\UpdatusUser 2012-12-19 00:10 . 2012-12-19 00:10 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2012-12-19 00:02 . 2012-10-03 13:11 433976 ----a-w- c:\windows\system32\drivers\b57nd60a.sys 2012-12-18 23:51 . 2012-12-18 23:51 -------- d-----w- c:\program files\ma-config.com 2012-12-18 23:51 . 2012-12-18 23:51 -------- d-----w- c:\programdata\ma-config.com 2012-12-18 23:49 . 2012-12-18 23:49 -------- d-----w- c:\program files (x86)\GBoost 2012-12-18 23:46 . 2012-12-18 23:46 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack 2012-12-18 23:44 . 2007-04-04 17:55 403304 ----a-w- c:\windows\system32\xactengine2_7.dll 2012-12-18 23:33 . 
2012-12-18 23:35 -------- d-----w- c:\program files\QuickMediaConverter 2012-12-18 23:30 . 2013-01-12 14:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-12-18 23:30 . 2012-12-18 23:31 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-12-18 23:25 . 2012-12-18 23:36 -------- d-----w- c:\program files (x86)\uTorrent 2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-12-18 23:23 . 2012-12-18 23:24 -------- d-----w- c:\program files (x86)\QuickTime 2012-12-18 23:23 . 2012-12-18 23:23 -------- d-----w- c:\programdata\Apple Computer 2012-12-18 23:23 . 2012-12-18 23:23 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-12-18 23:23 . 2012-12-18 23:23 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-12-18 23:20 . 2012-12-18 23:20 -------- d-----w- c:\program files (x86)\PhotoFiltre 7 2012-12-18 23:07 . 2012-10-28 17:32 103936 ----a-w- c:\windows\system32\pdfcmon.dll 2012-12-18 23:07 . 2012-05-05 09:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2012-12-18 23:07 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2012-12-18 23:07 . 2012-05-05 09:54 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-12-18 23:07 . 
2012-12-18 23:15 -------- d-----w- c:\program files (x86)\PDFCreator 2012-12-18 23:07 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2012-12-18 23:07 . 1998-07-13 00:08 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL 2012-12-18 23:07 . 1998-07-13 00:08 59904 ----a-w- c:\windows\SysWow64\MSCC2FR.DLL 2012-12-18 23:07 . 1998-07-13 00:08 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL 2012-12-18 23:03 . 2012-12-18 23:03 -------- d-----w- c:\programdata\Malwarebytes 2012-12-18 23:03 . 2013-01-06 23:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-18 23:03 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-18 23:03 . 2012-12-18 23:03 -------- d-----w- c:\program files (x86)\HDDGURU LLF Tool 2012-12-18 23:01 . 2012-12-18 23:01 -------- d-----w- c:\program files (x86)\Duplicate Cleaner 2012-12-18 23:00 . 2012-12-18 23:00 -------- d-----w- c:\programdata\Canneverbe Limited 2012-12-18 22:59 . 2012-12-18 22:59 -------- d-----w- c:\program files (x86)\CDBurnerXP 2012-12-18 22:58 . 2013-01-02 22:40 -------- d-----w- c:\program files\CCleaner 2012-12-18 22:58 . 2013-01-06 23:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-12-18 22:52 . 2012-12-18 22:52 -------- d-----w- c:\program files\WinRAR 2012-12-18 19:08 . 2012-12-18 19:08 209112 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-12-18 11:02 . 2013-01-02 20:33 -------- d-----w- c:\program files (x86)\Microsoft.NET 2012-12-18 10:59 . 2012-12-18 10:59 -------- d-----w- c:\program files (x86)\VideoLAN 2012-12-18 10:51 . 2012-12-18 10:51 -------- d-----w- c:\windows\SysWow64\Wat 2012-12-18 10:51 . 2012-12-18 10:51 -------- d-----w- c:\windows\system32\Wat 2012-12-18 10:39 . 2013-01-08 19:54 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-18 10:39 . 2013-01-08 19:54 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-18 10:39 . 
2012-12-18 10:39 -------- d-----w- c:\windows\SysWow64\Macromed 2012-12-18 10:39 . 2012-12-18 10:39 -------- d-----w- c:\windows\system32\Macromed 2012-12-18 10:36 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll 2012-12-18 10:36 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys 2012-12-18 10:36 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-17 22:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-12-17 22:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-12-03 15:47 . 2011-06-14 01:40 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-12-03 15:47 . 2011-06-14 01:40 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-12-03 15:47 . 2011-06-14 01:40 18045968 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-12-03 15:47 . 2011-06-14 01:40 2816824 ----a-w- c:\windows\system32\nvapi64.dll 2012-12-01 05:49 . 2011-01-19 12:28 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-12-01 05:49 . 2011-01-19 12:28 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-12-01 05:49 . 2011-01-19 12:28 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-12-01 05:49 . 2011-01-19 12:28 890216 ----a-w- c:\windows\system32\nvvsvc.exe 2012-12-01 05:48 . 2011-01-19 12:28 6223208 ----a-w- c:\windows\system32\nvcpl.dll 2012-12-01 05:48 . 2011-01-19 12:28 3311464 ----a-w- c:\windows\system32\nvsvc64.dll 2012-11-30 21:43 . 2012-11-30 21:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-11-30 04:45 . 2013-01-09 20:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-16 08:38 . 2012-12-17 23:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-12-17 23:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-12-17 23:36 561664 ----a-w- c:\windows\apppatch\AcLayers.dll . . 
((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016] R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-01-06 1038088] R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2012-10-28 427976] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 178824] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-18 1255736] S0 AppleHFS;AppleHFS; [x] S0 AppleMNT;AppleMNT; [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-06-29 224640] S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2011-06-29 111488] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-06-29 17752] S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2011-06-29 22872] S2 
SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-11-29 3463080] S3 acpials;Filtre du capteur de lumière ambiante;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728] S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-03-25 18944] S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-03-25 12288] S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-03-25 38912] S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [2011-06-13 18432] S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2011-03-25 18432] S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-05-26 32256] . . Contenu du dossier 'Tâches planifiées' . 2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 19:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-06-29 741760] . ------- Examen supplémentaire ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Ajouter au fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir au format PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convertir la cible du lien en un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.254 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL FF - ProfilePath - c:\users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\ FF - prefs.js: browser.startup.homepage - about:home FF - ExtSQL: 2012-12-18 00:17; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . 
- - - - ORPHELINS SUPPRIMES - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe . . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-01-13 16:31:14
ComboFix-quarantined-files.txt 2013-01-13 15:31
.
Avant-CF: 163 161 419 776 octets libres
Après-CF: 162 989 158 400 octets libres
.
- - End Of File - - A9BD8473A5571E79EF3B9340ED85D3F7

My PC is now running fine
  7. Hi, Before using your tools, it was impossible to get rid of the WhiteSmoke toolbar or to change the start page of my browsers. However, my computer worked correctly. Apparently these problems are now resolved after using your tools; here are the reports:

Attach.txt :
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Édition Intégrale
Boot Device: \Device\HarddiskVolume4
Install Date: 17/12/2012 22:06:45
System Uptime: 10/01/2013 21:54:22 (3 hours ago)
.
Motherboard: Apple Inc. | | Mac-F22586C8
Processor: Intel® Core i7 CPU M 620 @ 2.67GHz | U2E1 | 2634/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 158,057 GiB free.
D: is FIXED (HFS) - 232 GiB total, 159,722 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Intel® 5 Series/3400 Series Chipset Family USB Universal Host Controller - 3B36
Device ID: PCI\VEN_8086&DEV_3B36&SUBSYS_72708086&REV_06\3&11583659&0&E8
Manufacturer: Intel
Name: Intel® 5 Series/3400 Series Chipset Family USB Universal Host Controller - 3B36
PNP Device ID: PCI\VEN_8086&DEV_3B36&SUBSYS_72708086&REV_06\3&11583659&0&E8
Service: usbuhci
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Intel® 5 Series/3400 Series Chipset Family USB Universal Host Controller - 3B3B
Device ID: PCI\VEN_8086&DEV_3B3B&SUBSYS_72708086&REV_06\3&11583659&0&D0
Manufacturer: Intel
Name: Intel® 5 Series/3400 Series Chipset Family USB Universal Host Controller - 3B3B
PNP Device ID: PCI\VEN_8086&DEV_3B3B&SUBSYS_72708086&REV_06\3&11583659&0&D0
Service: usbuhci
.
==== System Restore Points ===================
.
RP37: 10/01/2013 21:31:49 - Point de contrôle planifié
.
==== Installed Programs ======================
.
Acrobat.com Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe AIR Adobe Anchor Service CS4 Adobe Anchor Service x64 CS4 Adobe Asset Services CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe CMaps x64 CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe Creative Suite 4 Design Premium Adobe CSI CS4 Adobe CSI CS4 x64 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Dreamweaver CS4 Adobe Drive CS4 Adobe Drive CS4 x64 Adobe Dynamiclink Support Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Fireworks CS4 Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI fr Adobe Flash CS4 STI-fr Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Fonts All x64 Adobe Illustrator CS4 Adobe InDesign CS4 Adobe InDesign CS4 Application Feature Set Files (Roman) Adobe InDesign CS4 Common Base Files Adobe InDesign CS4 Icon Handler Adobe InDesign CS4 Icon Handler x64 Adobe Linguistics CS4 Adobe Linguistics CS4 x64 Adobe Media Encoder CS4 Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe PDF Library Files x64 CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 (64 Bit) Adobe Photoshop CS4 Support Adobe Reader XI (11.0.01) - Français Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe SGM CS4 Adobe SING CS4 Adobe Type Support CS4 Adobe Type Support x64 CS4 Adobe Update Manager CS4 Adobe Version Cue CS4 Server Adobe WinSoft Linguistics Plugin Adobe WinSoft Linguistics Plugin x64 Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Apple Application Support Apple Software Update Assassin's Creed II µTorrent avast! 
Free Antivirus CCleaner CDBurnerXP Combined Community Codec Pack 2011-11-11 Connect DAEMON Tools Lite Duplicate Cleaner Free 3.0.1 FileZilla Client 3.6.0.2 GBoost Hard Disk Low Level Format Tool 4.25 Java 7 Update 10 Java Auto Updater kuler Ma-Config.com (64 bits) Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Access MUI (French) 2013 Microsoft DCF MUI (French) 2013 Microsoft Excel MUI (French) 2013 Microsoft Groove MUI (French) 2013 Microsoft InfoPath MUI (French) 2013 Microsoft Lync MUI (French) 2013 Microsoft Office 32-bit Components 2013 Microsoft Office Korrekturhilfen 2013 - Deutsch Microsoft Office OSM MUI (French) 2013 Microsoft Office OSM UX MUI (French) 2013 Microsoft Office Professional Plus 2013 Microsoft Office Professionnel Plus 2013 Microsoft Office Proofing (French) 2013 Microsoft Office Proofing Tools 2013 - ????? ??????? Microsoft Office Proofing Tools 2013 - English Microsoft Office Proofing Tools 2013 - Español Microsoft Office Proofing Tools 2013 - Nederlands Microsoft Office Shared 32-bit MUI (French) 2013 Microsoft Office Shared MUI (French) 2013 Microsoft OneNote MUI (French) 2013 Microsoft Outlook MUI (French) 2013 Microsoft PowerPoint MUI (French) 2013 Microsoft Publisher MUI (French) 2013 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Word MUI (French) 2013 Mises à jour NVIDIA 1.11.3 Mozilla Firefox 17.0.1 (x86 fr) Mozilla Maintenance Service NVIDIA Display Control Panel NVIDIA Install Application NVIDIA Logiciel système PhysX 9.12.1031 NVIDIA PhysX NVIDIA Pilote 3D Vision 310.70 NVIDIA Pilote audio HD : 1.3.18.0 NVIDIA Pilote graphique 310.70 NVIDIA Stereoscopic 3D Driver NVIDIA Update Components Outils de vérification linguistique 2013 de Microsoft Office - Français Package de pilotes Windows - Apple 
Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) Package de pilotes Windows - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) Package de pilotes Windows - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) Package de pilotes Windows - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1) Package de pilotes Windows - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) Package de pilotes Windows - Apple Inc. Apple Display (01/23/2009 3.0.0.0) Package de pilotes Windows - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) Package de pilotes Windows - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) Package de pilotes Windows - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) Package de pilotes Windows - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) Package de pilotes Windows - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) Package de pilotes Windows - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) Package de pilotes Windows - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) Package de pilotes Windows - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) Package de pilotes Windows - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) Package de pilotes Windows - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) Package de pilotes Windows - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) Package de pilotes Windows - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2) Package de pilotes Windows - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22) Package de pilotes Windows - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220) Package de pilotes Windows - Cirrus Logic, Inc. 
(CirrusFilter) MEDIA (12/03/2010 6.6001.1.30) Package de pilotes Windows - Intel (e1express) Net (03/26/2010 9.13.41.0) Package de pilotes Windows - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) Package de pilotes Windows - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) Package de pilotes Windows - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) Package de pilotes Windows - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) Package de pilotes Windows - Intel System (07/20/2007 1.2.76.0) Package de pilotes Windows - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) Panneau de configuration NVIDIA 310.70 PDF Settings CS4 PDFCreator PhotoFiltre 7 Photoshop Camera Raw Photoshop Camera Raw_x64 Pixel Bender Toolkit QUICK MEDIA CONVERTER HD QuickTime Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Services Boot Camp Spybot - Search & Destroy Steinberg Cubase 5 Suite Shared Configuration CS4 TeamViewer 8 Thrustmaster Force Feedback Driver Tomb Raider: Underworld 1.1 Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 2.0.5 WinRAR 4.01 (64-bit) xp-AntiSpy 3.97-9 . 
==== End Of File =========================== DDS.txt : DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2 Run by Bat The Fat at 0:12:56 on 2013-01-11 Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.8118.6518 [GMT 1:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\AppleOSSMgr.exe C:\Windows\system32\AppleTimeSrv.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\System32\svchost.exe -k secsvcs 
C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\System32\osk.exe C:\Program Files\Boot Camp\Bootcamp.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\StikyNot.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\SysWOW64\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned> BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files 
(x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Ajouter au fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convertir au format PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000 IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
TCP: NameServer = 192.168.0.254 TCP: Interfaces\{00F153E2-EC56-4F99-A6CF-F2C9B063E54C} : DHCPNameServer = 192.168.0.254 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL SSODL: WebCheck - <orphaned> x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810&SearchSource=2&CUI=SB_CUI&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\ma-config.com\nphardwaredetection.dll
FF - plugin: C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\extensions\{72a0f495-ba60-4524-827b-b36b8c18587a}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-18 00:17; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-01-06 23:25; {72a0f495-ba60-4524-827b-b36b8c18587a}; C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\extensions\{72a0f495-ba60-4524-827b-b36b8c18587a}
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2011-6-29 72024]
R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2011-6-29 16216]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-18 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-18 370288]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\System32\AppleOSSMgr.exe [2011-6-29 224640]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\System32\AppleTimeSrv.exe [2011-6-29 111488]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-18 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-18 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-18 44808]
R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2011-6-29 17752]
R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2011-6-29 22872]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-12-19 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-19 3463080]
R3 acpials;Filtre du capteur de lumière ambiante;C:\Windows\System32\drivers\acpials.sys [2009-7-14 9728]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\System32\drivers\AppleBtBc.sys [2012-12-17 18944]
R3 applemtm;Apple Multitouch Mouse;C:\Windows\System32\drivers\applemtm.sys [2012-12-17 12288]
R3 applemtp;Apple Multitouch;C:\Windows\System32\drivers\applemtp.sys [2012-12-17 38912]
R3 CirrusFilter;CS420xLowerFilter;C:\Windows\System32\drivers\CS420x64.sys [2012-12-17 18432]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\System32\drivers\IRFilter.sys [2012-12-17 18432]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2012-12-17 32256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-7-21 16640]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-1-6 1038088]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\x64\maconfservice.exe [2012-10-28 427976]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-18 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-18 57856]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-18 1255736]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 0:13:22,27 ===============

Checkup.txt :

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
xp-AntiSpy 3.97-9
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
Duplicate Cleaner Free 3.0.1
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader XI
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

AdwCleaner[s1].txt :

# AdwCleaner v2.105 - Rapport créé le 11/01/2013 à 07:19:34
# Mis à jour le 08/01/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : Bat The Fat - BC-W7-64B
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Bat The Fat\Desktop\Nouveau dossier\adwcleaner.exe
# Option [suppression]

***** [services] *****

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\ProgramData\InstallMate
Dossier Supprimé : C:\Users\Bat The Fat\AppData\Local\SwvUpdater
Dossier Supprimé : C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\CT3272810
Dossier Supprimé : C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\extensions\{72a0f495-ba60-4524-827b-b36b8c18587a}
Dossier Supprimé : C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\Smartbar
Dossier Supprimé : C:\Users\Bat The Fat\AppData\Roaming\pdfforge
Dossier Supprimé : C:\Users\BATTHE~1\AppData\Local\Temp\CT3272810
Fichier Supprimé : C:\END

***** [Registre] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Le registre ne contient aucune entrée illégitime.
-\\ Mozilla Firefox v17.0.1 (fr) Fichier : C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\prefs.js Supprimée : user_pref("CT3272810.1000082.isDisplayHidden", "true"); Supprimée : user_pref("CT3272810.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...] Supprimée : user_pref("CT3272810.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Supprimée : user_pref("CT3272810.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Supprimée : user_pref("CT3272810.FirstTime", "true"); Supprimée : user_pref("CT3272810.FirstTimeFF3", "true"); Supprimée : user_pref("CT3272810.InstallDate", "6/1/2013 23:24:54"); Supprimée : user_pref("CT3272810.LoginRevertSettingsEnabled", true); Supprimée : user_pref("CT3272810.RevertSettingsEnabled", true); Supprimée : user_pref("CT3272810.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT327[...] Supprimée : user_pref("CT3272810.UserID", "UN22335164376899436"); Supprimée : user_pref("CT3272810.addressBarTakeOverEnabledInHidden", "true"); Supprimée : user_pref("CT3272810.autoDisableScopes", -1); Supprimée : user_pref("CT3272810.browser.search.defaultthis.engineName", true); Supprimée : user_pref("CT3272810.cb_user_id_000.enc", "Q0IxMzA3NzIzNDUyNTdfMTM1NzUxMTYzNDY4Ml9GaXJlZm94"); Supprimée : user_pref("CT3272810.cbfirsttime.enc", "U3VuIEphbiAwNiAyMDEzIDIzOjMzOjUyIEdNVCswMTAw"); Supprimée : user_pref("CT3272810.defaultSearch", "true"); Supprimée : user_pref("CT3272810.embeddedsData", "[{\"appId\":\"130004960265293823\",\"apiPermissions\":{\"cross[...] 
Supprimée : user_pref("CT3272810.enableAlerts", "always"); Supprimée : user_pref("CT3272810.enableSearchFromAddressBar", "true"); Supprimée : user_pref("CT3272810.firstTimeDialogOpened", "true"); Supprimée : user_pref("CT3272810.first_time_search.enc", "MQ=="); Supprimée : user_pref("CT3272810.fixPageNotFoundError", "true"); Supprimée : user_pref("CT3272810.fixPageNotFoundErrorInHidden", "true"); Supprimée : user_pref("CT3272810.fixUrls", true); Supprimée : user_pref("CT3272810.hxxp___api15_starwebnet_com.pid2.enc", "YmRiYzdmMmRmNTFiM2RiNA=="); Supprimée : user_pref("CT3272810.hxxp___api18_starwebnet_com.pid2.enc", "MWMyNDZlNzQzNGVjOGUyMA=="); Supprimée : user_pref("CT3272810.hxxp___api19_starwebnet_com.pid2.enc", "ZmMzN2UyNGYzNzZiODgwMA=="); Supprimée : user_pref("CT3272810.hxxp___api20_starwebnet_com.pid2.enc", "YTUxNDA4YTljYzI2OWJkNg=="); Supprimée : user_pref("CT3272810.hxxp___api21_starwebnet_com.pid2.enc", "Zjk2MDQyNDgzOGE1NzE0Yw=="); Supprimée : user_pref("CT3272810.hxxp___api22_starwebnet_com.pid2.enc", "MWMyNDZlNzQzNGVjOGUyMA=="); Supprimée : user_pref("CT3272810.hxxp___api25_starwebnet_com.pid2.enc", "NDQzNDRjMGM4ZjMzYWFiYQ=="); Supprimée : user_pref("CT3272810.hxxp___api28_starwebnet_com.pid2.enc", "MWMyNDZlNzQzNGVjOGUyMA=="); Supprimée : user_pref("CT3272810.hxxp___api29_starwebnet_com.pid2.enc", "YmRiYzdmMmRmNTFiM2RiNA=="); Supprimée : user_pref("CT3272810.hxxp___api30_starwebnet_com.pid2.enc", "OWYzZTI5NDRmNWEwNTAyYw=="); Supprimée : user_pref("CT3272810.hxxp___api31_starwebnet_com.pid2.enc", "MjNkOTE3N2NhNjE3OTFlYw=="); Supprimée : user_pref("CT3272810.hxxp___api32_starwebnet_com.pid2.enc", "ZWQwZDcyNDIxZmY0MTJkOA=="); Supprimée : user_pref("CT3272810.hxxp___api6_starwebnet_com.pid2.enc", "ZmMzN2UyNGYzNzZiODgwMA=="); Supprimée : user_pref("CT3272810.installId", "9818"); Supprimée : user_pref("CT3272810.installType", "conduitnsisintegration"); Supprimée : user_pref("CT3272810.isCheckedStartAsHidden", true); Supprimée : 
************************* AdwCleaner[s1].txt - [10661 octets] - [11/01/2013 07:19:34] ########## EOF - C:\AdwCleaner[s1].txt - [10722 octets] ########## RKreport : RogueKiller V8.4.3 [Jan 10 2013] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html Site Web : http://www.sur-la-toile.com/RogueKiller/ Blog : http://tigzyrk.blogspot.com/ Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode normal Utilisateur : Bat The Fat [Droits d'admin] Mode : Suppression -- Date : 11/01/2013 07:31:45 ¤¤¤ Processus malicieux : 0 ¤¤¤ ¤¤¤ Entrees de registre : 4 ¤¤¤ [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REMPLACÉ (2) [HJ] HKLM\[...]\System : EnableLUA (0) -> REMPLACÉ (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0) ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver : [NON CHARGE] ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts [...] ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000BPKT-75PK4T0 ATA Device +++++ --- User --- [MBR] e5d3ac4ab594ac0718519912c9520365 [bSP] aac4ff0f549820945ee38b0511ad9d7f : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo 1 - [XXXXXX] UNKNOWN (0xaf) [VISIBLE] Offset (sectors): 409640 | Size: 237464 Mo 2 - [XXXXXX] MACOSX-BT (0xab) [VISIBLE] Offset (sectors): 486737768 | Size: 619 Mo 3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 488007680 | Size: 238655 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[2]_D_11012013_073145.txt >> RKreport[1]_S_11012013_073044.txt ; RKreport[2]_D_11012013_073145.txt
  8. Hi, I've already read the topics dedicated to whitesmoke on the malwarebytes site. I made a complete analysis with malwarebytes and it didn't solve my problem. So I followed your instructions and I send you the content of the following documents: dds.txt and attach.txt. And excuse me for my bad English, I'm French...) : Best regards attach.txt dds.txt