Posts posted by BatTheFat
-
As promised...
:MBAM logfile:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Version de la base de données: v2013.01.28.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bat The Fat :: BC-W7-64B [administrateur]
28/01/2013 21:42:37
mbam-log-2013-01-28 (21-42-37).txt
Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 235287
Temps écoulé: 2 minute(s), 16 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)
Hijackthis logfile:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:49:09, on 28/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Users\Bat The Fat\Desktop\Désinfection whitesmoke\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-3804491217-1590960393-4230494032-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3804491217-1590960393-4230494032-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe (file missing)
O23 - Service: Apple Time Service (AppleTimeSrv) - Unknown owner - C:\Windows\system32\AppleTimeSrv.exe (file missing)
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\x64\maconfservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
--
End of file - 24553 bytes
-
Hi,
Sorry again for answering so late.
I uninstalled uTorrent and I updated Java to 7 v11 (I heard about a big security problem with 7v10).
I have used CCleaner for a long time; I use it daily and update it as soon as a new version appears (currently v3.27.xxx). Same thing with the MBAM free version, which I update myself 3 or 4 times per week.
So I'll send you what you asked me for in the next few hours.
BatTheFat
PS: sorry for my bad English
-
Hi,
My computer runs fine.
Here is the ComboFix log:
ComboFix 13-01-21.04 - Bat The Fat 21/01/2013 19:26:57.2.4 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.8118.6570 [GMT 1:00]
Lancé depuis: c:\users\Bat The Fat\Desktop\Désinfection whitesmoke\ComboFix.exe
Commutateurs utilisés :: c:\users\Bat The Fat\Desktop\Désinfection whitesmoke\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-12-21 au 2013-01-21 ))))))))))))))))))))))))))))))))))))
.
.
2013-01-21 18:31 . 2013-01-21 18:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-21 18:31 . 2013-01-21 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-21 11:47 . 2009-08-19 22:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2013-01-20 21:43 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA8C7D67-34F4-4F6A-A163-428C7967608C}\mpengine.dll
2013-01-17 22:59 . 2009-08-19 22:50 52568 ----a-w- c:\windows\system32\AdobePDF.dll
2013-01-17 19:51 . 2013-01-17 19:51 -------- d-----w- c:\program files\TAP-Windows
2013-01-17 19:51 . 2013-01-17 19:51 -------- d-----w- c:\program files\OpenVPN
2013-01-15 17:21 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-13 22:56 . 2013-01-17 19:41 -------- d-----w- c:\users\Bat The Fat\AppData\Roaming\TeamViewer
2013-01-13 18:53 . 2013-01-13 18:53 -------- d-----w- c:\users\Bat The Fat\AppData\Roaming\NVIDIA
2013-01-13 18:53 . 2013-01-15 17:23 -------- d-----w- c:\users\Bat The Fat\AppData\Roaming\Media Player Classic
2013-01-13 18:39 . 2013-01-13 18:39 -------- d-----w- c:\users\Bat The Fat\AppData\Local\Ubisoft Game Launcher
2013-01-09 21:33 . 2012-09-27 11:00 264192 ----a-w- c:\windows\system32\tmffbcpl.dll
2013-01-09 21:33 . 2012-09-27 10:57 41472 ----a-w- c:\windows\system32\tmffbdrv.dll
2013-01-09 21:33 . 2007-04-05 14:37 208304 ----a-w- c:\windows\system32\isrt.dll
2013-01-09 21:33 . 2006-05-16 14:08 99328 ----a-w- c:\windows\system32\_IsRes.dll
2013-01-09 21:32 . 2013-01-09 21:32 -------- d-----w- c:\program files (x86)\Thrustmaster
2013-01-09 21:32 . 2012-09-27 10:59 238592 ----a-w- c:\windows\SysWow64\tmffbcpl.dll
2013-01-09 21:32 . 2012-09-27 10:57 35840 ----a-w- c:\windows\SysWow64\tmffbdrv.dll
2013-01-09 21:32 . 2013-01-09 21:32 -------- d-----w- c:\users\Bat The Fat\AppData\Roaming\InstallShield
2013-01-09 20:58 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 20:58 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 20:58 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 20:58 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 20:58 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 20:58 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 20:58 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 20:58 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 20:58 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 20:58 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-07 22:49 . 2013-01-14 13:53 -------- d-----w- c:\users\Bat The Fat\AppData\Roaming\Ubisoft
2013-01-07 22:49 . 2013-01-14 13:45 -------- d-----w- c:\programdata\Ubisoft
2013-01-07 22:42 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-01-07 22:42 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2013-01-07 22:42 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2013-01-07 22:42 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2013-01-07 22:42 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2013-01-07 22:42 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2013-01-07 22:36 . 2013-01-14 13:36 -------- d-----w- c:\program files (x86)\Ubisoft
2013-01-06 21:30 . 2013-01-14 17:57 -------- d-----w- c:\users\Bat The Fat\AppData\Roaming\FileZilla
2013-01-06 21:30 . 2013-01-06 21:30 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2013-01-06 21:18 . 2013-01-06 22:39 -------- d-----w- c:\programdata\FLEXnet
2013-01-06 21:14 . 2013-01-17 23:08 -------- d-----w- c:\program files\Adobe
2013-01-06 21:12 . 2013-01-06 21:12 -------- d-----w- c:\programdata\ALM
2013-01-06 21:04 . 2013-01-06 21:04 -------- d-----w- c:\windows\SysWow64\spool
2013-01-06 21:04 . 2013-01-06 21:04 -------- d-----w- c:\program files (x86)\Adobe Media Player
2013-01-06 21:03 . 2013-01-06 21:03 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-01-06 21:02 . 2013-01-06 21:14 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-06 21:02 . 2013-01-06 21:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2013-01-06 21:00 . 2013-01-06 21:00 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2013-01-02 21:57 . 2013-01-02 21:57 -------- d-----w- c:\users\Bat The Fat\AppData\Roaming\VST3 Presets
2013-01-02 21:57 . 2013-01-02 21:57 -------- d-----w- c:\programdata\Steinberg
2013-01-02 21:55 . 2013-01-02 21:55 -------- d-----w- c:\program files\Steinberg
2013-01-02 21:53 . 2009-12-19 10:18 2395648 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL
2013-01-02 21:53 . 2007-08-24 12:24 16138240 ----a-w- C:\HALionOne.dll
2013-01-02 21:53 . 2013-01-02 21:53 -------- d-----w- c:\program files (x86)\Common Files\VST3
2013-01-02 21:44 . 2013-01-02 21:57 -------- d-----w- c:\users\Bat The Fat\AppData\Roaming\Steinberg
2013-01-02 21:44 . 2013-01-02 21:44 -------- d-----w- c:\program files (x86)\Steinberg
2013-01-02 20:33 . 2013-01-02 20:33 -------- d-----w- c:\program files\Common Files\DESIGNER
2013-01-02 20:33 . 2013-01-02 20:33 -------- d-----w- c:\program files\Microsoft.NET
2013-01-02 20:33 . 2013-01-02 20:33 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2013-01-02 20:33 . 2013-01-02 20:33 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-01-02 20:32 . 2013-01-02 20:33 -------- d-----w- c:\program files\Microsoft SQL Server
2013-01-02 20:32 . 2013-01-02 20:32 -------- d-----w- c:\windows\PCHEALTH
2013-01-02 20:30 . 2013-01-02 20:30 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-01-02 20:30 . 2013-01-02 20:30 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-01-02 20:29 . 2013-01-02 20:29 -------- d-----w- c:\users\Bat The Fat\AppData\Local\Microsoft Help
2013-01-02 20:29 . 2013-01-02 20:32 -------- d-----w- c:\program files\Microsoft Office
2013-01-02 20:29 . 2013-01-02 20:53 -------- d-----w- c:\programdata\Microsoft Help
2013-01-02 20:28 . 2013-01-02 20:28 -------- d-----r- C:\MSOCache
2012-12-26 15:02 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-26 15:02 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-26 15:02 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-26 15:02 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 10:14 . 2012-12-17 23:51 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 19:54 . 2012-12-18 10:39 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 19:54 . 2012-12-18 10:39 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-19 10:18 . 2012-12-17 21:26 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-12-19 00:28 . 2012-12-19 00:28 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-19 00:28 . 2012-12-19 00:28 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-17 23:45 . 2012-12-17 23:45 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-12-17 23:45 . 2012-12-17 23:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-12-17 23:45 . 2012-12-17 23:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-12-17 23:45 . 2012-12-17 23:45 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-12-17 23:45 . 2012-12-17 23:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-12-17 23:45 . 2012-12-17 23:45 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-12-17 23:45 . 2012-12-17 23:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-12-17 23:45 . 2012-12-17 23:45 82432 ----a-w- c:\windows\system32\icardie.dll
2012-12-17 23:45 . 2012-12-17 23:45 816640 ----a-w- c:\windows\system32\jscript.dll
2012-12-17 23:45 . 2012-12-17 23:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-12-17 23:45 . 2012-12-17 23:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-12-17 23:45 . 2012-12-17 23:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-12-17 23:45 . 2012-12-17 23:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-12-17 23:45 . 2012-12-17 23:45 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-12-17 23:45 . 2012-12-17 23:45 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-12-17 23:45 . 2012-12-17 23:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-12-17 23:45 . 2012-12-17 23:45 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-12-17 23:45 . 2012-12-17 23:45 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-12-17 23:45 . 2012-12-17 23:45 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-12-17 23:45 . 2012-12-17 23:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-12-17 23:45 . 2012-12-17 23:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-12-17 23:45 . 2012-12-17 23:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-12-17 23:45 . 2012-12-17 23:45 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-12-17 23:45 . 2012-12-17 23:45 448512 ----a-w- c:\windows\system32\html.iec
2012-12-17 23:45 . 2012-12-17 23:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-12-17 23:45 . 2012-12-17 23:45 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-12-17 23:45 . 2012-12-17 23:45 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-12-17 23:45 . 2012-12-17 23:45 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-12-17 23:45 . 2012-12-17 23:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-12-17 23:45 . 2012-12-17 23:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-12-17 23:45 . 2012-12-17 23:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-17 23:45 . 2012-12-17 23:45 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-12-17 23:45 . 2012-12-17 23:45 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-12-17 23:45 . 2012-12-17 23:45 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-12-17 23:45 . 2012-12-17 23:45 248320 ----a-w- c:\windows\system32\ieui.dll
2012-12-17 23:45 . 2012-12-17 23:45 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-12-17 23:45 . 2012-12-17 23:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-17 23:45 . 2012-12-17 23:45 237056 ----a-w- c:\windows\system32\url.dll
2012-12-17 23:45 . 2012-12-17 23:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-12-17 23:45 . 2012-12-17 23:45 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-12-17 23:45 . 2012-12-17 23:45 222208 ----a-w- c:\windows\system32\msls31.dll
2012-12-17 23:45 . 2012-12-17 23:45 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-12-17 23:45 . 2012-12-17 23:45 197120 ----a-w- c:\windows\system32\msrating.dll
2012-12-17 23:45 . 2012-12-17 23:45 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-12-17 23:45 . 2012-12-17 23:45 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-12-17 23:45 . 2012-12-17 23:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-12-17 23:45 . 2012-12-17 23:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-12-17 23:45 . 2012-12-17 23:45 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-12-17 23:45 . 2012-12-17 23:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-12-17 23:45 . 2012-12-17 23:45 160256 ----a-w- c:\windows\system32\wextract.exe
2012-12-17 23:45 . 2012-12-17 23:45 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-12-17 23:45 . 2012-12-17 23:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-12-17 23:45 . 2012-12-17 23:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-12-17 23:45 . 2012-12-17 23:45 149504 ----a-w- c:\windows\system32\occache.dll
2012-12-17 23:45 . 2012-12-17 23:45 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-17 23:45 . 2012-12-17 23:45 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-12-17 23:45 . 2012-12-17 23:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-12-17 23:45 . 2012-12-17 23:45 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-12-17 23:45 . 2012-12-17 23:45 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-12-17 23:45 . 2012-12-17 23:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-12-17 23:45 . 2012-12-17 23:45 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-12-17 23:45 . 2012-12-17 23:45 12288 ----a-w- c:\windows\system32\mshta.exe
2012-12-17 23:45 . 2012-12-17 23:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-12-17 23:45 . 2012-12-17 23:45 114176 ----a-w- c:\windows\system32\admparse.dll
2012-12-17 23:45 . 2012-12-17 23:45 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-12-17 23:45 . 2012-12-17 23:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-12-17 23:45 . 2012-12-17 23:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-12-17 23:45 . 2012-12-17 23:45 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-12-17 23:45 . 2012-12-17 23:45 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-12-17 23:45 . 2012-12-17 23:45 103936 ----a-w- c:\windows\system32\inseng.dll
2012-12-17 23:45 . 2012-12-17 23:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-12-17 22:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-12-17 22:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-12-14 15:49 . 2012-12-18 23:03 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-03 15:47 . 2012-12-19 00:08 9271352 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-03 15:47 . 2012-12-19 00:08 7819016 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-03 15:47 . 2012-12-19 00:08 7446192 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-03 15:47 . 2012-12-19 00:08 6149904 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-03 15:47 . 2012-12-19 00:08 2784104 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-03 15:47 . 2012-12-19 00:08 26811240 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-03 15:47 . 2012-12-19 00:08 2606440 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-03 15:47 . 2012-12-19 00:08 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-03 15:47 . 2012-12-19 00:08 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-03 15:47 . 2012-12-19 00:08 2226024 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-03 15:47 . 2012-12-19 00:08 20335976 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-03 15:47 . 2012-12-19 00:08 1874280 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-03 15:47 . 2012-12-19 00:08 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-03 15:47 . 2012-12-19 00:08 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-03 15:47 . 2012-12-19 00:08 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-12-19 00:08 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-12-19 00:08 11532648 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-03 15:47 . 2011-06-14 01:40 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-03 15:47 . 2011-06-14 01:40 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2011-06-14 01:40 18045968 ----a-w- c:\windows\system32\nvd3dumx.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-12-19 44280]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-12-18 642816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-01-06 1038088]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2012-10-28 427976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 178824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-18 1255736]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-06-29 224640]
S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2011-06-29 111488]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-06-29 17752]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2011-06-29 22872]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S3 acpials;Filtre du capteur de lumière ambiante;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-03-25 18944]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-03-25 12288]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-03-25 38912]
S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [2011-06-13 18432]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2011-03-25 18432]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-05-26 32256]
.
.
Contenu du dossier 'Tâches planifiées'
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 19:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-06-29 741760]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Ajouter au fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2012-12-18 00:17; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-01-21 19:32:55
ComboFix-quarantined-files.txt 2013-01-21 18:32
.
Avant-CF: 124 330 344 448 octets libres
Après-CF: 124 029 227 008 octets libres
.
- - End Of File - - 4F99DECF5099C76B973A8F4883E6F082
-
Sorry Gringo,
I'll run CFScript as you described in your 13 January post, tonight or tomorrow.
-
Hi,
here's the log from ComboFix:
ComboFix 13-01-13.01 - Bat The Fat 13/01/2013 16:25:17.1.4 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.8118.6673 [GMT 1:00]
Lancé depuis: c:\users\Bat The Fat\Desktop\Désinfection whitesmoke\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-12-13 au 2013-01-13 ))))))))))))))))))))))))))))))))))))
.
.
2013-01-13 15:29 . 2013-01-13 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-11 12:14 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCD7EB31-4081-4157-BADA-935CA0999A87}\mpengine.dll
2013-01-09 21:33 . 2012-09-27 11:00 264192 ----a-w- c:\windows\system32\tmffbcpl.dll
2013-01-09 21:33 . 2012-09-27 10:57 41472 ----a-w- c:\windows\system32\tmffbdrv.dll
2013-01-09 21:33 . 2007-04-05 14:37 208304 ----a-w- c:\windows\system32\isrt.dll
2013-01-09 21:33 . 2006-05-16 14:08 99328 ----a-w- c:\windows\system32\_IsRes.dll
2013-01-09 21:32 . 2013-01-09 21:32 -------- d-----w- c:\program files (x86)\Thrustmaster
2013-01-09 21:32 . 2012-09-27 10:59 238592 ----a-w- c:\windows\SysWow64\tmffbcpl.dll
2013-01-09 21:32 . 2012-09-27 10:57 35840 ----a-w- c:\windows\SysWow64\tmffbdrv.dll
2013-01-09 20:58 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 20:58 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 20:58 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 20:58 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 20:58 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 20:58 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 20:58 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 20:58 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 20:58 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 20:58 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-07 22:49 . 2013-01-07 22:49 -------- d-----w- c:\programdata\Ubisoft
2013-01-07 22:42 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-01-07 22:42 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2013-01-07 22:42 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2013-01-07 22:42 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2013-01-07 22:42 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2013-01-07 22:42 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2013-01-07 22:36 . 2013-01-07 22:43 -------- d-----w- c:\program files (x86)\Ubisoft
2013-01-06 21:30 . 2013-01-06 21:30 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2013-01-06 21:18 . 2013-01-06 22:39 -------- d-----w- c:\programdata\FLEXnet
2013-01-06 21:14 . 2013-01-06 21:14 -------- d-----w- c:\program files\Adobe
2013-01-06 21:12 . 2013-01-06 21:12 -------- d-----w- c:\programdata\ALM
2013-01-06 21:09 . 2008-04-07 04:38 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2013-01-06 21:04 . 2013-01-06 21:04 -------- d-----w- c:\windows\SysWow64\spool
2013-01-06 21:04 . 2013-01-06 21:04 -------- d-----w- c:\program files (x86)\Adobe Media Player
2013-01-06 21:03 . 2013-01-06 21:03 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-01-06 21:02 . 2013-01-06 21:14 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-06 21:02 . 2013-01-06 21:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2013-01-06 21:00 . 2013-01-06 21:00 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2013-01-02 21:57 . 2013-01-02 21:57 -------- d-----w- c:\programdata\Steinberg
2013-01-02 21:55 . 2013-01-02 21:55 -------- d-----w- c:\program files\Steinberg
2013-01-02 21:53 . 2009-12-19 10:18 2395648 ----a-w- c:\windows\SysWow64\SYNSOEMU.DLL
2013-01-02 21:53 . 2007-08-24 12:24 16138240 ----a-w- C:\HALionOne.dll
2013-01-02 21:53 . 2013-01-02 21:53 -------- d-----w- c:\program files (x86)\Common Files\VST3
2013-01-02 21:44 . 2013-01-02 21:44 -------- d-----w- c:\program files (x86)\Steinberg
2013-01-02 20:33 . 2013-01-02 20:33 -------- d-----w- c:\program files\Common Files\DESIGNER
2013-01-02 20:33 . 2013-01-02 20:33 -------- d-----w- c:\program files\Microsoft.NET
2013-01-02 20:33 . 2013-01-02 20:33 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2013-01-02 20:33 . 2013-01-02 20:33 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-01-02 20:32 . 2013-01-02 20:33 -------- d-----w- c:\program files\Microsoft SQL Server
2013-01-02 20:32 . 2013-01-02 20:32 -------- d-----w- c:\windows\PCHEALTH
2013-01-02 20:30 . 2013-01-02 20:30 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-01-02 20:30 . 2013-01-02 20:30 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-01-02 20:29 . 2013-01-02 20:32 -------- d-----w- c:\program files\Microsoft Office
2013-01-02 20:29 . 2013-01-02 20:53 -------- d-----w- c:\programdata\Microsoft Help
2013-01-02 20:28 . 2013-01-02 20:28 -------- d-----r- C:\MSOCache
2012-12-26 15:02 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-26 15:02 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-26 15:02 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-26 15:02 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-19 20:58 . 2013-01-02 23:17 -------- d---a-w- C:\.Trashes
2012-12-19 10:39 . 2012-12-19 10:40 -------- d-----w- C:\PAS TOUCHE
2012-12-19 10:33 . 2012-12-19 10:33 -------- d-----w- c:\programdata\Media Center Programs
2012-12-19 10:27 . 2012-12-19 10:27 -------- d-----w- c:\program files (x86)\Eidos
2012-12-19 07:27 . 2012-12-19 07:27 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-12-19 00:29 . 2012-12-19 00:29 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-19 00:28 . 2012-12-19 00:28 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-19 00:28 . 2012-12-19 00:28 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-19 00:28 . 2012-12-19 00:28 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-19 00:28 . 2012-12-19 00:28 -------- d-----w- c:\program files (x86)\Java
2012-12-19 00:21 . 2012-12-19 00:21 -------- d-----w- c:\program files (x86)\TeamViewer
2012-12-19 00:11 . 2012-12-19 00:11 -------- d-----w- c:\users\UpdatusUser
2012-12-19 00:10 . 2012-12-19 00:10 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-12-19 00:02 . 2012-10-03 13:11 433976 ----a-w- c:\windows\system32\drivers\b57nd60a.sys
2012-12-18 23:51 . 2012-12-18 23:51 -------- d-----w- c:\program files\ma-config.com
2012-12-18 23:51 . 2012-12-18 23:51 -------- d-----w- c:\programdata\ma-config.com
2012-12-18 23:49 . 2012-12-18 23:49 -------- d-----w- c:\program files (x86)\GBoost
2012-12-18 23:46 . 2012-12-18 23:46 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2012-12-18 23:44 . 2007-04-04 17:55 403304 ----a-w- c:\windows\system32\xactengine2_7.dll
2012-12-18 23:33 . 2012-12-18 23:35 -------- d-----w- c:\program files\QuickMediaConverter
2012-12-18 23:30 . 2013-01-12 14:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-18 23:30 . 2012-12-18 23:31 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-12-18 23:25 . 2012-12-18 23:36 -------- d-----w- c:\program files (x86)\uTorrent
2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-18 23:24 . 2012-12-18 23:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-12-18 23:23 . 2012-12-18 23:24 -------- d-----w- c:\program files (x86)\QuickTime
2012-12-18 23:23 . 2012-12-18 23:23 -------- d-----w- c:\programdata\Apple Computer
2012-12-18 23:23 . 2012-12-18 23:23 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-12-18 23:23 . 2012-12-18 23:23 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-12-18 23:20 . 2012-12-18 23:20 -------- d-----w- c:\program files (x86)\PhotoFiltre 7
2012-12-18 23:07 . 2012-10-28 17:32 103936 ----a-w- c:\windows\system32\pdfcmon.dll
2012-12-18 23:07 . 2012-05-05 09:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-12-18 23:07 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-12-18 23:07 . 2012-05-05 09:54 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-12-18 23:07 . 2012-12-18 23:15 -------- d-----w- c:\program files (x86)\PDFCreator
2012-12-18 23:07 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-12-18 23:07 . 1998-07-13 00:08 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL
2012-12-18 23:07 . 1998-07-13 00:08 59904 ----a-w- c:\windows\SysWow64\MSCC2FR.DLL
2012-12-18 23:07 . 1998-07-13 00:08 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL
2012-12-18 23:03 . 2012-12-18 23:03 -------- d-----w- c:\programdata\Malwarebytes
2012-12-18 23:03 . 2013-01-06 23:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-18 23:03 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-18 23:03 . 2012-12-18 23:03 -------- d-----w- c:\program files (x86)\HDDGURU LLF Tool
2012-12-18 23:01 . 2012-12-18 23:01 -------- d-----w- c:\program files (x86)\Duplicate Cleaner
2012-12-18 23:00 . 2012-12-18 23:00 -------- d-----w- c:\programdata\Canneverbe Limited
2012-12-18 22:59 . 2012-12-18 22:59 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-12-18 22:58 . 2013-01-02 22:40 -------- d-----w- c:\program files\CCleaner
2012-12-18 22:58 . 2013-01-06 23:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-12-18 22:52 . 2012-12-18 22:52 -------- d-----w- c:\program files\WinRAR
2012-12-18 19:08 . 2012-12-18 19:08 209112 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-12-18 11:02 . 2013-01-02 20:33 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-12-18 10:59 . 2012-12-18 10:59 -------- d-----w- c:\program files (x86)\VideoLAN
2012-12-18 10:51 . 2012-12-18 10:51 -------- d-----w- c:\windows\SysWow64\Wat
2012-12-18 10:51 . 2012-12-18 10:51 -------- d-----w- c:\windows\system32\Wat
2012-12-18 10:39 . 2013-01-08 19:54 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-18 10:39 . 2013-01-08 19:54 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-18 10:39 . 2012-12-18 10:39 -------- d-----w- c:\windows\SysWow64\Macromed
2012-12-18 10:39 . 2012-12-18 10:39 -------- d-----w- c:\windows\system32\Macromed
2012-12-18 10:36 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-12-18 10:36 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-12-18 10:36 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-17 22:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-12-17 22:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-12-03 15:47 . 2011-06-14 01:40 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-03 15:47 . 2011-06-14 01:40 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2011-06-14 01:40 18045968 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-03 15:47 . 2011-06-14 01:40 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-01 05:49 . 2011-01-19 12:28 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-01 05:49 . 2011-01-19 12:28 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2011-01-19 12:28 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2011-01-19 12:28 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2011-01-19 12:28 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2011-01-19 12:28 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-30 21:43 . 2012-11-30 21:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-11-30 04:45 . 2013-01-09 20:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-16 08:38 . 2012-12-17 23:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-17 23:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-17 23:36 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-01-06 1038088]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2012-10-28 427976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 178824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-18 1255736]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-06-29 224640]
S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2011-06-29 111488]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-06-29 17752]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2011-06-29 22872]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-11-29 3463080]
S3 acpials;Filtre du capteur de lumière ambiante;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-03-25 18944]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-03-25 12288]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-03-25 38912]
S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [2011-06-13 18432]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2011-03-25 18432]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-05-26 32256]
.
.
Contenu du dossier 'Tâches planifiées'
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 19:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-06-29 741760]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Ajouter au fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2012-12-18 00:17; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-01-13 16:31:14
ComboFix-quarantined-files.txt 2013-01-13 15:31
.
Avant-CF: 163 161 419 776 octets libres
Après-CF: 162 989 158 400 octets libres
.
- - End Of File - - A9BD8473A5571E79EF3B9340ED85D3F7
My PC is now running fine
-
Hi,
Before using your tools, it was impossible to get rid of the WhiteSmoke toolbar or to change the start page of my browsers. However, my computer worked correctly.
Apparently these problems are now resolved after using your tools. Here are the reports:
Attach.txt :
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Édition Intégrale
Boot Device: \Device\HarddiskVolume4
Install Date: 17/12/2012 22:06:45
System Uptime: 10/01/2013 21:54:22 (3 hours ago)
.
Motherboard: Apple Inc. | | Mac-F22586C8
Processor: Intel® Core i7 CPU M 620 @ 2.67GHz | U2E1 | 2634/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 158,057 GiB free.
D: is FIXED (HFS) - 232 GiB total, 159,722 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Intel® 5 Series/3400 Series Chipset Family USB Universal Host Controller - 3B36
Device ID: PCI\VEN_8086&DEV_3B36&SUBSYS_72708086&REV_06\3&11583659&0&E8
Manufacturer: Intel
Name: Intel® 5 Series/3400 Series Chipset Family USB Universal Host Controller - 3B36
PNP Device ID: PCI\VEN_8086&DEV_3B36&SUBSYS_72708086&REV_06\3&11583659&0&E8
Service: usbuhci
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Intel® 5 Series/3400 Series Chipset Family USB Universal Host Controller - 3B3B
Device ID: PCI\VEN_8086&DEV_3B3B&SUBSYS_72708086&REV_06\3&11583659&0&D0
Manufacturer: Intel
Name: Intel® 5 Series/3400 Series Chipset Family USB Universal Host Controller - 3B3B
PNP Device ID: PCI\VEN_8086&DEV_3B3B&SUBSYS_72708086&REV_06\3&11583659&0&D0
Service: usbuhci
.
==== System Restore Points ===================
.
RP37: 10/01/2013 21:31:49 - Point de contrôle planifié
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI fr
Adobe Flash CS4 STI-fr
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Fonts All x64
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe InDesign CS4 Icon Handler x64
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Encoder CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Reader XI (11.0.01) - Français
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Software Update
Assassin's Creed II
µTorrent
avast! Free Antivirus
CCleaner
CDBurnerXP
Combined Community Codec Pack 2011-11-11
Connect
DAEMON Tools Lite
Duplicate Cleaner Free 3.0.1
FileZilla Client 3.6.0.2
GBoost
Hard Disk Low Level Format Tool 4.25
Java 7 Update 10
Java Auto Updater
kuler
Ma-Config.com (64 bits)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Access MUI (French) 2013
Microsoft DCF MUI (French) 2013
Microsoft Excel MUI (French) 2013
Microsoft Groove MUI (French) 2013
Microsoft InfoPath MUI (French) 2013
Microsoft Lync MUI (French) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office Korrekturhilfen 2013 - Deutsch
Microsoft Office OSM MUI (French) 2013
Microsoft Office OSM UX MUI (French) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Professionnel Plus 2013
Microsoft Office Proofing (French) 2013
Microsoft Office Proofing Tools 2013 - ????? ???????
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Proofing Tools 2013 - Nederlands
Microsoft Office Shared 32-bit MUI (French) 2013
Microsoft Office Shared MUI (French) 2013
Microsoft OneNote MUI (French) 2013
Microsoft Outlook MUI (French) 2013
Microsoft PowerPoint MUI (French) 2013
Microsoft Publisher MUI (French) 2013
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Word MUI (French) 2013
Mises à jour NVIDIA 1.11.3
Mozilla Firefox 17.0.1 (x86 fr)
Mozilla Maintenance Service
NVIDIA Display Control Panel
NVIDIA Install Application
NVIDIA Logiciel système PhysX 9.12.1031
NVIDIA PhysX
NVIDIA Pilote 3D Vision 310.70
NVIDIA Pilote audio HD : 1.3.18.0
NVIDIA Pilote graphique 310.70
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
Outils de vérification linguistique 2013 de Microsoft Office - Français
Package de pilotes Windows - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10)
Package de pilotes Windows - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5)
Package de pilotes Windows - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
Package de pilotes Windows - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1)
Package de pilotes Windows - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
Package de pilotes Windows - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
Package de pilotes Windows - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
Package de pilotes Windows - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)
Package de pilotes Windows - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)
Package de pilotes Windows - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)
Package de pilotes Windows - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
Package de pilotes Windows - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)
Package de pilotes Windows - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
Package de pilotes Windows - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
Package de pilotes Windows - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
Package de pilotes Windows - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0)
Package de pilotes Windows - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113)
Package de pilotes Windows - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2)
Package de pilotes Windows - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22)
Package de pilotes Windows - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220)
Package de pilotes Windows - Cirrus Logic, Inc. (CirrusFilter) MEDIA (12/03/2010 6.6001.1.30)
Package de pilotes Windows - Intel (e1express) Net (03/26/2010 9.13.41.0)
Package de pilotes Windows - Intel (e1kexpress) Net (04/12/2010 11.6.92.0)
Package de pilotes Windows - Intel (e1qexpress) Net (12/04/2009 11.4.7.0)
Package de pilotes Windows - Intel (e1rexpress) Net (01/07/2010 11.4.16.0)
Package de pilotes Windows - Intel (e1yexpress) Net (04/07/2010 10.1.9.0)
Package de pilotes Windows - Intel System (07/20/2007 1.2.76.0)
Package de pilotes Windows - Marvell (yukonx64) Net (12/06/2007 10.51.1.3)
Panneau de configuration NVIDIA 310.70
PDF Settings CS4
PDFCreator
PhotoFiltre 7
Photoshop Camera Raw
Photoshop Camera Raw_x64
Pixel Bender Toolkit
QUICK MEDIA CONVERTER HD
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Services Boot Camp
Spybot - Search & Destroy
Steinberg Cubase 5
Suite Shared Configuration CS4
TeamViewer 8
Thrustmaster Force Feedback Driver
Tomb Raider: Underworld 1.1
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.5
WinRAR 4.01 (64-bit)
xp-AntiSpy 3.97-9
.
==== End Of File ===========================
DDS.txt :
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by Bat The Fat at 0:12:56 on 2013-01-11
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.8118.6518 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\osk.exe
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Ajouter au fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.254
TCP: Interfaces\{00F153E2-EC56-4F99-A6CF-F2C9B063E54C} : DHCPNameServer = 192.168.0.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810&SearchSource=2&CUI=SB_CUI&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\ma-config.com\nphardwaredetection.dll
FF - plugin: C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\extensions\{72a0f495-ba60-4524-827b-b36b8c18587a}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-18 00:17; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-01-06 23:25; {72a0f495-ba60-4524-827b-b36b8c18587a}; C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\extensions\{72a0f495-ba60-4524-827b-b36b8c18587a}
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2011-6-29 72024]
R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2011-6-29 16216]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-18 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-18 370288]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\System32\AppleOSSMgr.exe [2011-6-29 224640]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\System32\AppleTimeSrv.exe [2011-6-29 111488]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-18 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-18 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-18 44808]
R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2011-6-29 17752]
R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2011-6-29 22872]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-12-19 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-19 3463080]
R3 acpials;Filtre du capteur de lumière ambiante;C:\Windows\System32\drivers\acpials.sys [2009-7-14 9728]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\System32\drivers\AppleBtBc.sys [2012-12-17 18944]
R3 applemtm;Apple Multitouch Mouse;C:\Windows\System32\drivers\applemtm.sys [2012-12-17 12288]
R3 applemtp;Apple Multitouch;C:\Windows\System32\drivers\applemtp.sys [2012-12-17 38912]
R3 CirrusFilter;CS420xLowerFilter;C:\Windows\System32\drivers\CS420x64.sys [2012-12-17 18432]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\System32\drivers\IRFilter.sys [2012-12-17 18432]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2012-12-17 32256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-7-21 16640]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-1-6 1038088]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\x64\maconfservice.exe [2012-10-28 427976]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-18 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-18 57856]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-18 1255736]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-01-09 21:33:05 99328 ----a-w- C:\Windows\System32\_IsRes.dll
2013-01-09 21:33:05 41472 ----a-w- C:\Windows\System32\tmffbdrv.dll
2013-01-09 21:33:05 264192 ----a-w- C:\Windows\System32\tmffbcpl.dll
2013-01-09 21:33:05 208304 ----a-w- C:\Windows\System32\isrt.dll
2013-01-09 21:32:56 35840 ----a-w- C:\Windows\SysWow64\tmffbdrv.dll
2013-01-09 21:32:56 238592 ----a-w- C:\Windows\SysWow64\tmffbcpl.dll
2013-01-09 21:32:56 -------- d-----w- C:\Program Files (x86)\Thrustmaster
2013-01-09 20:58:18 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 20:58:18 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 20:58:07 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-01-09 20:58:07 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-01-09 20:58:06 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 20:58:06 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 20:58:04 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 20:58:04 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 20:58:04 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 20:58:03 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-08 10:56:48 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AA56E3DE-3D51-4169-8BAB-2B79A630B1D2}\mpengine.dll
2013-01-07 22:49:16 -------- d-----w- C:\Users\Bat The Fat\AppData\Roaming\Ubisoft
2013-01-07 22:42:31 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2013-01-07 22:42:31 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2013-01-07 22:42:31 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2013-01-07 22:42:31 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2013-01-07 22:42:29 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2013-01-07 22:42:29 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2013-01-06 22:25:28 -------- d-----w- C:\Users\Bat The Fat\AppData\Local\SwvUpdater
2013-01-06 22:23:14 -------- d-----w- C:\ProgramData\InstallMate
2013-01-06 21:12:29 -------- d-----w- C:\ProgramData\ALM
2013-01-06 21:09:43 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2013-01-06 21:04:33 -------- d-----w- C:\Windows\SysWow64\spool
2013-01-06 21:02:18 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2013-01-06 21:00:58 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2013-01-02 21:57:19 -------- d-----w- C:\Users\Bat The Fat\AppData\Roaming\VST3 Presets
2013-01-02 21:57:19 -------- d-----w- C:\ProgramData\Steinberg
2013-01-02 21:55:53 -------- d-----w- C:\Program Files\Steinberg
2013-01-02 21:53:23 2395648 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2013-01-02 21:53:22 16138240 ----a-w- C:\HALionOne.dll
2013-01-02 21:53:17 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2013-01-02 21:44:28 -------- d-----w- C:\Users\Bat The Fat\AppData\Roaming\Steinberg
2013-01-02 21:44:28 -------- d-----w- C:\Program Files (x86)\Steinberg
2013-01-02 20:33:11 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-01-02 20:33:01 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2013-01-02 20:32:32 -------- d-----w- C:\Windows\PCHEALTH
2013-01-02 20:32:32 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-01-02 20:30:33 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2013-01-02 20:30:33 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-01-02 20:29:34 -------- d-----w- C:\Users\Bat The Fat\AppData\Local\Microsoft Help
2012-12-26 15:02:19 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-26 15:02:19 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-26 15:02:18 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-26 15:02:18 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-19 20:58:33 -------- d---a-w- C:\.Trashes.35ajrB
2012-12-19 20:58:33 -------- d---a-w- C:\.Trashes
2012-12-19 10:39:30 -------- d-----w- C:\PAS TOUCHE
2012-12-19 10:33:40 -------- d-----w- C:\ProgramData\Media Center Programs
2012-12-19 10:27:43 -------- d-----w- C:\Program Files (x86)\Eidos
2012-12-19 10:15:06 -------- d-----w- C:\Users\Bat The Fat\Isos Jeux
2012-12-19 07:27:05 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-12-19 00:28:41 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-19 00:28:40 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-19 00:28:28 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-19 00:21:22 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-12-19 00:02:26 433976 ----a-w- C:\Windows\System32\drivers\b57nd60a.sys
2012-12-18 23:51:45 -------- d-----w- C:\ProgramData\ma-config.com
2012-12-18 23:51:45 -------- d-----w- C:\Program Files\ma-config.com
2012-12-18 23:50:20 -------- d-----w- C:\Users\Bat The Fat\AppData\Local\LiveGBoost
2012-12-18 23:50:11 -------- d-----w- C:\Users\Bat The Fat\AppData\Local\GZero
2012-12-18 23:50:00 -------- d-----w- C:\Users\Bat The Fat\AppData\Roaming\GZero
2012-12-18 23:49:54 -------- d-----w- C:\Program Files (x86)\GBoost
2012-12-18 23:46:24 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2012-12-18 23:44:59 403304 ----a-w- C:\Windows\System32\xactengine2_7.dll
2012-12-18 23:40:09 -------- d--h--w- C:\Windows\msdownld.tmp
2012-12-18 23:40:01 -------- d-----w- C:\Windows\SysWow64\directx
2012-12-18 23:33:15 -------- d-----w- C:\Users\Bat The Fat\AppData\Roaming\Cocoon Software
2012-12-18 23:33:14 -------- d-----w- C:\Users\Bat The Fat\AppData\Local\WDSetup
2012-12-18 23:33:11 -------- d-----w- C:\Program Files\QuickMediaConverter
2012-12-18 23:30:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-12-18 23:30:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-18 23:25:19 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-12-18 23:24:47 -------- d-----w- C:\Users\Bat The Fat\AppData\Roaming\uTorrent
2012-12-18 23:24:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-18 23:24:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-18 23:24:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-18 23:24:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-18 23:24:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-18 23:24:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-18 23:24:07 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-12-18 23:20:45 -------- d-----w- C:\Users\Bat The Fat\AppData\Roaming\PhotoFiltre 7
2012-12-18 23:20:43 -------- d-----w- C:\Program Files (x86)\PhotoFiltre 7
2012-12-18 23:11:45 -------- d-----w- C:\Users\Bat The Fat\AppData\Local\Adobe
2012-12-18 23:08:01 -------- d-----w- C:\Users\Bat The Fat\AppData\Roaming\pdfforge
2012-12-18 23:07:59 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2012-12-18 23:07:59 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2012-12-18 23:07:59 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-12-18 23:07:59 103936 ----a-w- C:\Windows\System32\pdfcmon.dll
2012-12-18 23:07:58 59904 ----a-w- C:\Windows\SysWow64\MSCC2FR.DLL
2012-12-18 23:07:58 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2012-12-18 23:07:58 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL
2012-12-18 23:07:58 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL
2012-12-18 23:07:58 -------- d-----w- C:\Program Files (x86)\PDFCreator
2012-12-18 23:05:40 -------- d-----w- C:\Users\Bat The Fat\AppData\Local\Programs
2012-12-18 23:03:54 -------- d-----w- C:\Users\Bat The Fat\AppData\Roaming\Malwarebytes
2012-12-18 23:03:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-18 23:03:45 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-18 23:03:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-18 23:03:12 -------- d-----w- C:\Program Files (x86)\HDDGURU LLF Tool
2012-12-18 23:01:32 -------- d-----w- C:\Users\Bat The Fat\AppData\Local\DigitalVolcano
2012-12-18 23:01:13 -------- d-----w- C:\Program Files (x86)\Duplicate Cleaner
2012-12-18 23:00:12 -------- d-----w- C:\Users\Bat The Fat\AppData\Roaming\Canneverbe Limited
2012-12-18 23:00:12 -------- d-----w- C:\ProgramData\Canneverbe Limited
2012-12-18 22:58:45 -------- d-----w- C:\Program Files\CCleaner
2012-12-18 22:54:03 -------- d-----w- C:\Program Files (x86)\xp-AntiSpy
2012-12-18 19:08:32 209112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-12-18 19:08:32 209112 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-12-18 10:59:28 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-12-18 10:51:47 -------- d-----w- C:\Windows\SysWow64\Wat
2012-12-18 10:51:47 -------- d-----w- C:\Windows\System32\Wat
2012-12-18 10:39:29 -------- d-----w- C:\Users\Bat The Fat\AppData\Local\Macromedia
2012-12-18 10:39:19 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-18 10:39:19 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-18 10:36:59 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-12-18 10:36:01 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-12-18 10:36:00 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-12-18 10:36:00 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-12-18 10:36:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-12-18 10:36:00 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-12-18 10:36:00 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-12-18 10:36:00 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-12-18 10:36:00 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-12-18 10:36:00 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-12-18 10:36:00 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-12-18 05:56:06 -------- d-----w- C:\Windows\Panther
2012-12-18 05:55:58 -------- d-sh--w- C:\Boot
2012-12-17 23:54:31 2560 ----a-w- C:\Windows\System32\drivers\fr-FR\wdf01000.sys.mui
2012-12-17 23:54:31 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-17 23:54:30 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-17 23:54:30 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-17 23:54:30 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-17 23:47:09 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-12-17 23:42:33 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-17 23:42:33 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-17 23:42:33 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-17 23:42:33 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-17 23:42:32 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-17 23:42:32 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-17 23:42:32 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-17 23:41:27 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-12-17 23:41:27 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-12-17 23:41:27 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-12-17 23:41:27 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-12-17 23:41:27 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-12-17 23:38:42 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-12-17 23:37:56 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-12-17 23:36:59 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2012-12-17 23:35:52 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-12-17 23:27:15 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-12-17 23:27:13 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-12-17 23:27:13 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-12-17 23:27:12 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-12-17 23:27:12 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-12-17 23:27:11 77312 ----a-w- C:\Windows\System32\packager.dll
2012-12-17 23:27:11 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-12-17 23:12:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-12-17 23:12:12 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-12-17 23:11:58 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-12-17 23:11:58 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-12-17 23:11:57 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-12-17 23:11:46 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-12-17 23:11:42 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-12-17 22:10:39 41224 ----a-w- C:\Windows\avastSS.scr
2012-12-17 22:10:30 -------- d-----w- C:\ProgramData\AVAST Software
2012-12-17 22:10:30 -------- d-----w- C:\Program Files\AVAST Software
2012-12-17 22:02:52 -------- d-----w- C:\Windows\System32\SPReview
2012-12-17 21:48:27 6144 ----a-w- C:\Windows\System32\drivers\en-US\rdvgkmd.sys.mui
2012-12-17 21:48:27 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2012-12-17 21:48:20 4096 ----a-w- C:\Windows\System32\drivers\en-US\tsusbhub.sys.mui
2012-12-17 21:47:51 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2012-12-17 21:47:50 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2012-12-17 21:42:37 7168 ----a-w- C:\Windows\System32\drivers\fr-FR\rdvgkmd.sys.mui
2012-12-17 21:42:37 2560 ----a-w- C:\Windows\System32\drivers\fr-FR\rdpwd.sys.mui
2012-12-17 21:42:36 3072 ----a-w- C:\Windows\System32\drivers\fr-FR\serscan.sys.mui
2012-12-17 21:42:33 4608 ----a-w- C:\Windows\System32\drivers\fr-FR\tsusbhub.sys.mui
2012-12-17 21:38:27 -------- d-----w- C:\Windows\System32\EventProviders
2012-12-17 21:26:12 564824 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-12-17 21:26:00 -------- d-----w- C:\Users\Bat The Fat\AppData\Roaming\DAEMON Tools Lite
2012-12-17 21:25:59 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-12-17 21:25:16 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-12-17 21:15:01 -------- d-----w- C:\Program Files\Boot Camp
2012-12-17 21:14:57 18944 ----a-w- C:\Windows\System32\drivers\AppleBtBc.sys
2012-12-17 21:14:39 255592 ----a-w- C:\Windows\System32\nvcohda6.dll
2012-12-17 21:14:05 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-12-17 21:13:58 -------- d-----w- C:\Intel
2012-12-17 21:13:22 38912 ----a-w- C:\Windows\System32\drivers\applemtp.sys
2012-12-17 21:13:22 12288 ----a-w- C:\Windows\System32\drivers\applemtm.sys
2012-12-17 21:13:12 18432 ----a-w- C:\Windows\System32\drivers\IRFilter.sys
2012-12-17 21:13:05 75112 ----a-w- C:\Windows\System32\CirrusAPO_x64.dll
2012-12-17 21:13:05 18432 ----a-w- C:\Windows\System32\drivers\CS420x64.sys
2012-12-17 21:13:04 -------- d-----w- C:\Program Files (x86)\Motorola
2012-12-17 21:11:42 32256 ----a-w- C:\Windows\System32\drivers\KeyMagic.sys
2012-12-17 21:11:42 1919968 ----a-w- C:\Windows\System32\WdfCoInstaller01005.dll
2012-12-17 21:10:42 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-12-17 21:10:14 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-12-17 21:10:13 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-12-17 21:09:51 -------- d-----w- C:\Users\Bat The Fat\AppData\Local\Apple
2012-12-17 21:08:48 -------- d-sh--w- C:\Windows\Installer
.
==================== Find3M ====================
.
2012-12-17 22:00:01 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-12-17 22:00:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-12-03 15:47:14 9271352 ----a-w- C:\Windows\System32\nvcuda.dll
2012-12-01 05:49:26 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-30 21:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
.
============= FINISH: 0:13:22,27 ===============
Checkup.txt:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
xp-AntiSpy 3.97-9
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
Duplicate Cleaner Free 3.0.1
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader XI
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````
AdwCleaner[s1].txt:
# AdwCleaner v2.105 - Rapport créé le 11/01/2013 à 07:19:34
# Mis à jour le 08/01/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : Bat The Fat - BC-W7-64B
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Bat The Fat\Desktop\Nouveau dossier\adwcleaner.exe
# Option [suppression]
***** [services] *****
***** [Fichiers / Dossiers] *****
Dossier Supprimé : C:\ProgramData\InstallMate
Dossier Supprimé : C:\Users\Bat The Fat\AppData\Local\SwvUpdater
Dossier Supprimé : C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\CT3272810
Dossier Supprimé : C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\extensions\{72a0f495-ba60-4524-827b-b36b8c18587a}
Dossier Supprimé : C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\Smartbar
Dossier Supprimé : C:\Users\Bat The Fat\AppData\Roaming\pdfforge
Dossier Supprimé : C:\Users\BATTHE~1\AppData\Local\Temp\CT3272810
Fichier Supprimé : C:\END
***** [Registre] *****
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
***** [Navigateurs] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Mozilla Firefox v17.0.1 (fr)
Fichier : C:\Users\Bat The Fat\AppData\Roaming\Mozilla\Firefox\Profiles\y01qxtt6.default\prefs.js
Supprimée : user_pref("CT3272810.1000082.isDisplayHidden", "true");
Supprimée : user_pref("CT3272810.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Supprimée : user_pref("CT3272810.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Supprimée : user_pref("CT3272810.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Supprimée : user_pref("CT3272810.FirstTime", "true");
Supprimée : user_pref("CT3272810.FirstTimeFF3", "true");
Supprimée : user_pref("CT3272810.InstallDate", "6/1/2013 23:24:54");
Supprimée : user_pref("CT3272810.LoginRevertSettingsEnabled", true);
Supprimée : user_pref("CT3272810.RevertSettingsEnabled", true);
Supprimée : user_pref("CT3272810.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT327[...]
Supprimée : user_pref("CT3272810.UserID", "UN22335164376899436");
Supprimée : user_pref("CT3272810.addressBarTakeOverEnabledInHidden", "true");
Supprimée : user_pref("CT3272810.autoDisableScopes", -1);
Supprimée : user_pref("CT3272810.browser.search.defaultthis.engineName", true);
Supprimée : user_pref("CT3272810.cb_user_id_000.enc", "Q0IxMzA3NzIzNDUyNTdfMTM1NzUxMTYzNDY4Ml9GaXJlZm94");
Supprimée : user_pref("CT3272810.cbfirsttime.enc", "U3VuIEphbiAwNiAyMDEzIDIzOjMzOjUyIEdNVCswMTAw");
Supprimée : user_pref("CT3272810.defaultSearch", "true");
Supprimée : user_pref("CT3272810.embeddedsData", "[{\"appId\":\"130004960265293823\",\"apiPermissions\":{\"cross[...]
Supprimée : user_pref("CT3272810.enableAlerts", "always");
Supprimée : user_pref("CT3272810.enableSearchFromAddressBar", "true");
Supprimée : user_pref("CT3272810.firstTimeDialogOpened", "true");
Supprimée : user_pref("CT3272810.first_time_search.enc", "MQ==");
Supprimée : user_pref("CT3272810.fixPageNotFoundError", "true");
Supprimée : user_pref("CT3272810.fixPageNotFoundErrorInHidden", "true");
Supprimée : user_pref("CT3272810.fixUrls", true);
Supprimée : user_pref("CT3272810.hxxp___api15_starwebnet_com.pid2.enc", "YmRiYzdmMmRmNTFiM2RiNA==");
Supprimée : user_pref("CT3272810.hxxp___api18_starwebnet_com.pid2.enc", "MWMyNDZlNzQzNGVjOGUyMA==");
Supprimée : user_pref("CT3272810.hxxp___api19_starwebnet_com.pid2.enc", "ZmMzN2UyNGYzNzZiODgwMA==");
Supprimée : user_pref("CT3272810.hxxp___api20_starwebnet_com.pid2.enc", "YTUxNDA4YTljYzI2OWJkNg==");
Supprimée : user_pref("CT3272810.hxxp___api21_starwebnet_com.pid2.enc", "Zjk2MDQyNDgzOGE1NzE0Yw==");
Supprimée : user_pref("CT3272810.hxxp___api22_starwebnet_com.pid2.enc", "MWMyNDZlNzQzNGVjOGUyMA==");
Supprimée : user_pref("CT3272810.hxxp___api25_starwebnet_com.pid2.enc", "NDQzNDRjMGM4ZjMzYWFiYQ==");
Supprimée : user_pref("CT3272810.hxxp___api28_starwebnet_com.pid2.enc", "MWMyNDZlNzQzNGVjOGUyMA==");
Supprimée : user_pref("CT3272810.hxxp___api29_starwebnet_com.pid2.enc", "YmRiYzdmMmRmNTFiM2RiNA==");
Supprimée : user_pref("CT3272810.hxxp___api30_starwebnet_com.pid2.enc", "OWYzZTI5NDRmNWEwNTAyYw==");
Supprimée : user_pref("CT3272810.hxxp___api31_starwebnet_com.pid2.enc", "MjNkOTE3N2NhNjE3OTFlYw==");
Supprimée : user_pref("CT3272810.hxxp___api32_starwebnet_com.pid2.enc", "ZWQwZDcyNDIxZmY0MTJkOA==");
Supprimée : user_pref("CT3272810.hxxp___api6_starwebnet_com.pid2.enc", "ZmMzN2UyNGYzNzZiODgwMA==");
Supprimée : user_pref("CT3272810.installId", "9818");
Supprimée : user_pref("CT3272810.installType", "conduitnsisintegration");
Supprimée : user_pref("CT3272810.isCheckedStartAsHidden", true);
Supprimée : user_pref("CT3272810.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Supprimée : user_pref("CT3272810.isFirstTimeToolbarLoading", "false");
Supprimée : user_pref("CT3272810.isNewTabEnabled", true);
Supprimée : user_pref("CT3272810.isPerformedSmartBarTransition", "true");
Supprimée : user_pref("CT3272810.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Supprimée : user_pref("CT3272810.keyword", true);
Supprimée : user_pref("CT3272810.mam_CouponBuddy_appState.enc", "b24=");
Supprimée : user_pref("CT3272810.mam_PriceGong_appState.enc", "b24=");
Supprimée : user_pref("CT3272810.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9z[...]
Supprimée : user_pref("CT3272810.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
Supprimée : user_pref("CT3272810.mam_gk_first_time.enc", "MQ==");
Supprimée : user_pref("CT3272810.mam_gk_lastLoginTime.enc", "MTM1Nzg4MjY3Mjk0OQ==");
Supprimée : user_pref("CT3272810.mam_gk_settings.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoy[...]
Supprimée : user_pref("CT3272810.mam_gk_userId.enc", "ODVlN2EyYTItOTNiMC00MDkxLTk0ZWItMTM0MTJmN2FkY2Ji");
Supprimée : user_pref("CT3272810.mam_gk_user_apps_selection.enc", "eyJQcmljZUdvbmciOnRydWUsIkNvdXBvbkJ1ZGR5Ijp0c[...]
Supprimée : user_pref("CT3272810.migrateAppsAndComponents", true);
Supprimée : user_pref("CT3272810.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Supprimée : user_pref("CT3272810.openThankYouPage", "false");
Supprimée : user_pref("CT3272810.openUninstallPage", "false");
Supprimée : user_pref("CT3272810.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Supprimée : user_pref("CT3272810.revertSettingsEnabled", "false");
Supprimée : user_pref("CT3272810.search.searchAppId", "130004960265293823");
Supprimée : user_pref("CT3272810.search.searchCount", "0");
Supprimée : user_pref("CT3272810.searchInNewTabEnabledInHidden", "true");
Supprimée : user_pref("CT3272810.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Supprimée : user_pref("CT3272810.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Supprimée : user_pref("CT3272810.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Supprimée : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Supprimée : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Supprimée : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Supprimée : user_pref("CT3272810.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Supprimée : user_pref("CT3272810.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1357511121452");
Supprimée : user_pref("CT3272810.serviceLayer_services_appsMetadata_lastUpdate", "1357857527988");
Supprimée : user_pref("CT3272810.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1357511122093");
Supprimée : user_pref("CT3272810.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357882790003");
Supprimée : user_pref("CT3272810.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1357511122049");
Supprimée : user_pref("CT3272810.serviceLayer_services_searchAPI_lastUpdate", "1357837334242");
Supprimée : user_pref("CT3272810.serviceLayer_services_serviceMap_lastUpdate", "1357837334057");
Supprimée : user_pref("CT3272810.serviceLayer_services_toolbarContextMenu_lastUpdate", "1357511122006");
Supprimée : user_pref("CT3272810.serviceLayer_services_toolbarSettings_lastUpdate", "1357882789781");
Supprimée : user_pref("CT3272810.serviceLayer_services_translation_lastUpdate", "1357837334369");
Supprimée : user_pref("CT3272810.serviceLayer_services_userApps_lastUpdate", "1357884910110");
Supprimée : user_pref("CT3272810.settingsINI", true);
Supprimée : user_pref("CT3272810.shouldFirstTimeDialog", "false");
Supprimée : user_pref("CT3272810.smartbar.CTID", "CT3272810");
Supprimée : user_pref("CT3272810.smartbar.Uninstall", "0");
Supprimée : user_pref("CT3272810.smartbar.homepage", true);
Supprimée : user_pref("CT3272810.smartbar.toolbarName", "WhiteSmoke US New E1 ");
Supprimée : user_pref("CT3272810.startPage", "userChanged");
Supprimée : user_pref("CT3272810.toolbarBornServerTime", "7-1-2013");
Supprimée : user_pref("CT3272810.toolbarCurrentServerTime", "11-1-2013");
Supprimée : user_pref("CT3272810.url_history0001.enc", "aHR0cDovL2ZvcnVtcy5tYWx3YXJlYnl0ZXMub3JnL2luZGV4LnBocD9h[...]
Supprimée : user_pref("CT3272810_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Supprimée : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3272810&octid=CT327281[...]
Supprimée : user_pref("Smartbar.ConduitSearchEngineList", "");
Supprimée : user_pref("Smartbar.ConduitSearchUrlList", "");
Supprimée : user_pref("Smartbar.keywordURLSelectedCTID", "CT3272810");
Supprimée : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272810&SearchSource=2&CU[...]
Supprimée : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3272810&octid=CT3272810[...]
Supprimée : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Supprimée : user_pref("smartbar.originalHomepage", "about:home");
Supprimée : user_pref("smartbar.originalSearchAddressUrl", "");
Supprimée : user_pref("smartbar.originalSearchEngine", false);
*************************
AdwCleaner[s1].txt - [10661 octets] - [11/01/2013 07:19:34]
########## EOF - C:\AdwCleaner[s1].txt - [10722 octets] ##########
RKreport :
RogueKiller V8.4.3 [Jan 10 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Bat The Fat [Droits d'admin]
Mode : Suppression -- Date : 11/01/2013 07:31:45
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REMPLACÉ (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REMPLACÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [NON CHARGE] ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
[...]
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPKT-75PK4T0 ATA Device +++++
--- User ---
[MBR] e5d3ac4ab594ac0718519912c9520365
[bSP] aac4ff0f549820945ee38b0511ad9d7f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo
1 - [XXXXXX] UNKNOWN (0xaf) [VISIBLE] Offset (sectors): 409640 | Size: 237464 Mo
2 - [XXXXXX] MACOSX-BT (0xab) [VISIBLE] Offset (sectors): 486737768 | Size: 619 Mo
3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 488007680 | Size: 238655 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[2]_D_11012013_073145.txt >>
RKreport[1]_S_11012013_073044.txt ; RKreport[2]_D_11012013_073145.txt
-
Hi,
I've already read the topics dedicated to WhiteSmoke on the Malwarebytes site. I made a complete analysis with Malwarebytes and it didn't solve my problem. So I followed your instructions and I am sending you the content of the following documents: dds.txt and attach.txt
(And excuse me for my bad English, I'm French...)
Best regards
infected by whitesmoke
in Resolved Malware Removal Logs
Posted
I tried to do your ESET scan, but it's incredibly slow.
I have no problem and I no longer need your help.
Thanks for your help
BatTheFat