Solved Cannot install anything

Lainkiller

Hello, I'm from Switzerland. For the last 2 days I haven't been able to install programs; it says there is a problem with "C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll" or with "dpx.dll" or "image error".

I am not very good at computer things. ^.^

Thank you!!


----

I used ESET Online Scanner:

C:\Program Files (x86)\1ClickDownload\uninst.exe Win32/Adware.1ClickDownload application
C:\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Andrea\AppData\Local\Temp\jar_cache5265126559337476897.tmp multiple threats
C:\Users\Andrea\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Users\Andrea\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo application
C:\Users\Andrea\AppData\Local\Temp\YontooLayers\yl.js JS/Adware.Yontoo.A application
C:\Users\Andrea\Downloads\AdvancedPCTweaker_Setup(1).exe a variant of Win32/Adware.RegistryEasy application
C:\Users\Andrea\Downloads\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.RegistryEasy application
C:\Users\Andrea\Downloads\setup.exe Win32/Adware.Bundlore application
----

And Malwarebytes, in French, sorry:



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.05.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrea :: ANDREA-PC [administrateur]

18.05.2013 00:55:39
mbam-log-2013-05-18 (00-55-39).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 248082
Temps écoulé: 8 minute(s), 23 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 3
C:\Users\Andrea\AppData\Local\Temp\tool.exe (Adware.Dropper) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Andrea\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Andrea\Downloads\WebPlayer_V16.exe (Trojan.RepackedSetup.SFX) -> Mis en quarantaine et supprimé avec succès.

(fin)
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
OK, so "attach" then "DDS":

------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Édition Familiale Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27.09.2011 10:36:41
System Uptime: 17.05.2013 18:07:02 (8 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7345
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2112/267mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 286.934 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lexmark X422
Device ID: ROOT\IMAGE\0000
Manufacturer: Lexmark
Name: Lexmark X422
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
==== System Restore Points ===================
.
RP1444: 17.05.2013 03:00:24 - Windows Update
RP1446: 17.05.2013 03:42:19 - Windows Update
RP1447: 17.05.2013 17:17:55 - DirectX est installé
RP1448: 17.05.2013 17:18:55 - DirectX est installé
RP1449: 17.05.2013 17:27:07 - DirectX est installé
RP1450: 17.05.2013 17:40:01 - DirectX est installé
RP1452: 17.05.2013 18:10:50 - Windows Update
RP1454: 17.05.2013 18:28:37 - Windows Update
RP1456: 17.05.2013 18:29:15 - Windows Update
RP1457: 17.05.2013 19:50:00 - DirectX est installé
RP1458: 17.05.2013 23:08:58 - DirectX est installé
RP1459: 18.05.2013 00:46:54 - DirectX est installé
.
==== Installed Programs ======================
.
1ClickDownload
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2) - Français
Advanced PC Tweaker v4.2
ALTools Update
ALZip
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVG Security Toolbar
Babylon toolbar on IE
Battlefield 3™ Open Beta
Battlelog Web Plugins
BearShare
BitTorrent
BittorrentBar_FR Toolbar
Bonjour
Brother MFL-Pro Suite DCP-7055
Coffret de pilotes Logitech Webcam Software
Complitly
Configuration DivX
D3DX10
Easy Password Storage
ESET Online Scanner v3
ESN Sonar
FileServe Manager 1.0.0.3466
Getax Uninstaller
GOM Player
GOMTV Streamer
Google Chrome
Google Update Helper
Google Earth
HotForex MetaTrader
Intel(R) Control Center
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 31
King Arthur's Gold
Logitech Vid HD
Logitech Webcam Software
Malwarebytes Anti-Malware version 1.75.0.1300
MediaBar
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FRA Language Pack
Microsoft Application Error Reporting
Microsoft Lync 2010
Microsoft Office 365 Home Premium Preview - en-us
Microsoft Silverlight
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mises à jour NVIDIA 1.11.3
Module linguistique Microsoft .NET Framework 4 Client Profile FRA
Mozilla Firefox 20.0.1 (x86 fr)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
NavyFIELD French
Nuance PaperPort 12
Nuance PDF Viewer Plus
NVIDIA 3D Vision Controller Driver
NVIDIA Install Application
NVIDIA Logiciel système PhysX 9.11.0621
NVIDIA PhysX
NVIDIA Pilote 3D Vision 311.06
NVIDIA Pilote du contrôleur 3D Vision 285.38
NVIDIA Pilote graphique 311.06
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
OpenOffice.org 3.4
Origin
Pando Media Booster
Panneau de configuration NVIDIA 311.06
PaperPort Image Printer 64-bit
PokerStars.fr
PunkBuster Services
QuickTime
RegUtility version 4.1
Roulettechat Adultes
Scansoft PDF Professional
searchweb
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
Settlers3Demo
Skype Click to Call
Skype™ 6.3
Star Wars: The Old Republic
StarCraft II
Steam
System Requirements Lab
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Webplayer
Windows Live
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-bit)
World of Tanks
Yontoo 1.10.02
Z Steel Soldiers (Demo)
.
==== End Of File ===========================





-----------------------

Now DDS:

-------------





DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.21.2
Run by Andrea at 2:04:44 on 2013-05-18
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.41.1036.18.4095.1313 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\FileServe Manager\FSStarter.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
uURLSearchHooks: ToolbarURLSearchHook Class: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\searchweb\tbunscADA.tmp\tbhelper.dll
uURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll
mURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll
mWinlogon: Userinit = userinit.exe,
BHO: FileServeManager: {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Andrea\AppData\Roaming\Complitly\Complitly.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
BHO: TBSB02609 Class: {C0924543-15FD-4F3D-889C-0B4562A9CB45} - C:\Program Files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: BittorrentBar_FR Toolbar: {EF79F67A-6AD7-4715-A0F8-932FCA442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
TB: searchweb: {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - C:\Program Files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
TB: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
uRun: [Google Update] "C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [cacaoweb] "C:\Users\Andrea\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [SkyDrive] "C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FileServe Manager Task] "C:\Program Files (x86)\FileServe Manager\FSStarter.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Andrea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROULET~1.LNK - C:\Program Files (x86)\roulettechat\roulettechat.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
IE: {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - C:\Program Files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DEA25106-2353-4F72-AC32-467EB07EC95F} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
AppInit_DLLs= C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Andrea\AppData\Roaming\Complitly\64\Complitly64.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
x64-BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\8l77qmym.default-1350828278218\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-9-27 969200]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-9-27 359464]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 39768]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-9-27 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-9-27 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-8 44808]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-27 13592]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-11-4 1494144]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-1-24 245760]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
R3 LVUVC64;Logitech QuickCam Fusion(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-9-11 178808]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-27 1255736]
.
=============== Created Last 30 ================
.
2013-05-17 22:54:38 -------- d-----w- C:\Users\Andrea\AppData\Roaming\Malwarebytes
2013-05-17 22:54:25 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-17 22:54:24 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-17 22:54:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-17 22:44:18 235 ----a-w- C:\Windows\SysWow64\nxEuUninstall.bat
2013-05-17 22:44:17 446464 ----a-w- C:\Windows\NEXON_EU_DownloaderUpdater.exe
2013-05-17 20:32:00 -------- d-----w- C:\Program Files (x86)\ESET
2013-05-17 19:55:59 -------- d-----w- C:\Program Files (x86)\Advanced PC Tweaker
2013-05-17 19:55:52 -------- d-----w- C:\Users\Andrea\AppData\Local\Programs
2013-05-17 19:49:56 -------- d-----w- C:\Program Files (x86)\RegUtility
2013-05-17 18:41:18 -------- d-----w- C:\ProgramData\NexonEU
2013-05-17 17:54:34 -------- d-----w- C:\Download
2013-05-17 17:53:56 -------- d-----w- C:\Nexon
2013-05-17 16:11:02 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49C36CFE-44A7-40E6-9662-DBF20C3CDD8E}\offreg.dll
2013-05-17 15:56:17 26624 ----a-w- C:\Windows\System32\drivers\sermouse.sys
2013-05-17 15:41:45 -------- d-----w- C:\d717a38f72b1053be2bdd56dd09590a8
2013-05-17 15:17:35 -------- d--h--w- C:\Windows\msdownld.tmp
2013-05-17 15:17:35 -------- d-----w- C:\Windows\SysWow64\directx
2013-05-17 15:17:32 -------- d-----w- C:\Games
2013-05-17 12:26:05 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49C36CFE-44A7-40E6-9662-DBF20C3CDD8E}\mpengine.dll
2013-05-17 01:01:30 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:01:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-16 10:05:08 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-16 10:05:06 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-16 10:05:06 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-16 10:05:06 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-16 10:04:36 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-16 10:04:36 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-16 10:04:36 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-16 10:04:08 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-16 10:02:42 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-16 10:02:42 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-03 17:20:00 -------- d-----w- C:\Program Files\eFusion
2013-05-03 17:03:40 -------- d-----w- C:\Program Files\SD EnterNET
2013-05-03 16:52:23 -------- d-----w- C:\Users\Andrea\AppData\Local\PMB Files
2013-05-03 16:52:15 -------- d-----w- C:\ProgramData\PMB Files
2013-05-03 16:52:01 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-04-25 10:10:02 -------- d-----w- C:\Users\Andrea\AppData\Local\{63E5FCE7-3AD3-4D03-A340-24B9BC472DD1}
2013-04-24 15:27:24 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-24 15:21:33 -------- d-----w- C:\Users\Andrea\AppData\Local\{EE000DA9-C800-43FB-B893-E3D29F30AA92}
2013-04-23 15:12:09 -------- d-----w- C:\Users\Andrea\AppData\Local\{A551CBEC-149E-4788-BB28-BDAAEFA91430}
2013-04-22 14:47:40 -------- d-----w- C:\Users\Andrea\AppData\Local\{4694E429-8670-49B0-A4D5-1A33431A5F2D}
2013-04-21 12:00:07 -------- d-----w- C:\Users\Andrea\AppData\Local\{5987831D-55F9-4462-A0F4-0C770A793CA1}
2013-04-20 23:59:44 -------- d-----w- C:\Users\Andrea\AppData\Local\{E9C5B031-1676-4420-AB58-A76798ED015D}
2013-04-20 11:59:20 -------- d-----w- C:\Users\Andrea\AppData\Local\{8C1E3D26-02E9-48EB-870F-86ABD2436B65}
2013-04-19 10:52:17 -------- d-----w- C:\Users\Andrea\AppData\Local\{E2AD8C67-434A-447D-A705-4C3522A85E7F}
2013-04-18 15:05:45 -------- d-----w- C:\Users\Andrea\AppData\Local\{5F327524-9D04-4120-81AC-4458411B9587}
2013-04-18 09:47:31 -------- d-----w- C:\Users\Andrea\AppData\Local\{D6FC719A-58BB-4329-9AD5-A1BD243FDDD3}
.
==================== Find3M ====================
.
2013-05-17 16:16:02 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-17 16:16:00 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-17 16:16:00 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-17 15:56:14 67072 ----a-w- C:\Windows\SysWow64\CertEnrollCtrl.exe
2013-05-17 15:56:07 44032 ----a-w- C:\Windows\SysWow64\FwRemoteSvr.dll
2013-05-14 23:09:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 23:09:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-18 20:13:44 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 2:05:31.45 ===============
 
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
I can't install Malwarebytes Anti-Rootkit, it says I need " QtGui4.dll " on my computer.


RogueKiller Report :

----------



RogueKiller V8.5.4 _x64_ [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Andrea [Droits d'admin]
Mode : Suppression -- Date : 18/05/2013 02:34:03
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 4 ¤¤¤
[RUN][BLPATH] HKCU\[...]\Run : cacaoweb ("C:\Users\Andrea\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer) [-] -> SUPPRIMÉ
[RUN][BLPATH] HKUS\S-1-5-21-1356140123-1956174812-4015511781-1001[...]\Run : cacaoweb ("C:\Users\Andrea\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer) [-] -> SUPPRIMÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Infection : Rogue.ProgFiles ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Volume0 +++++
--- User ---
[MBR] 87b253a3458e6c7b957500a0b3ed9e60
[BSP] 04e8ed28453b4996c9fcfd5278dd1cf4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476843 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[2]_D_18052013_023403.txt >>
RKreport[1]_S_18052013_023210.txt ; RKreport[2]_D_18052013_023403.txt






--------------------------

Malwarebytes Anti-Rootkit Report :

-----------------
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Combofix :

--------------------


ComboFix 13-05-16.02 - Andrea 18.05.2013 3:30.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.41.1036.18.4095.2479 [GMT 2:00]
Lancé depuis: c:\users\Andrea\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Complitly
c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
c:\program files (x86)\Complitly\FireFoxExtension.exe
c:\program files (x86)\Complitly\InstTracker.exe
c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
c:\program files (x86)\Complitly\unins000.dat
c:\program files (x86)\Complitly\unins000.exe
c:\program files (x86)\searchweb\tbunscADA.tmp\tbHElper.dll
c:\users\Andrea\AppData\Roaming\cacaoweb
c:\users\Andrea\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\Andrea\AppData\Roaming\cacaoweb\errorlog.txt
c:\users\Andrea\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\Andrea\AppData\Roaming\cacaoweb\replicating102017C4736805ADFF6A6DD9E00BE315.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicating1CBA09C88CEC85767BCBF38F1B8B4F14.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicating1D11FBB853C7867FF281811C65BB12FA.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicating1D42AC2C321FFBFEF5E2F0607521D53C.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicating2FB4A145F6471999EFB78ED544FB38AC.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicating489870EF3FE94727D06F4C5A91BCCD10.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicating4EC0421820AC3ECCEE42404E756CA56F.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicating7F5D81A1EFF676FCA380D4CA93B3B536.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicating83AC4A176B3B79955740930D56CE3CF1.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicating8CA96CF716F6D4BE5814175F890EFB43.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicatingE0F769941F6862AFC70F539CBB5D9C06.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicatingF052C0B04887B2405504AA2C4463BE9A.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicatingF3014E60E3BF97186CC837126054735D.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\replicatingFC30B5732AB8CC6CC2F89A11E376AC54.cacao
c:\users\Andrea\AppData\Roaming\cacaoweb\storage.db
c:\users\Andrea\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Andrea\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
.
Une copie infectée de c:\windows\System32\AtBroker.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b\AtBroker.exe
.
Une copie infectée de c:\windows\System32\autoconv.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-convert_31bf3856ad364e35_6.1.7601.17514_none_fafb502abef1be40\autoconv.exe
.
Une copie infectée de c:\windows\System32\bitsadmin.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.1.7601.17514_none_ab379671230b963f\bitsadmin.exe
.
Une copie infectée de c:\windows\System32\bootcfg.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-bootconfig_31bf3856ad364e35_6.1.7600.16385_none_680b6eb133f91b1b\bootcfg.exe
.
Une copie infectée de c:\windows\System32\chkntfs.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7600.16385_none_74b76d3fa1757c6f\chkntfs.exe
.
Une copie infectée de c:\windows\System32\clip.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-clip_31bf3856ad364e35_6.1.7600.16385_none_03d0d3c435b27637\clip.exe
.
Une copie infectée de c:\windows\System32\ddodiag.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351\ddodiag.exe
.
Une copie infectée de c:\windows\System32\DeviceProperties.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_463f54aa539a0b62\DeviceProperties.exe
.
Une copie infectée de c:\windows\System32\diantz.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-diantz_31bf3856ad364e35_6.1.7600.16385_none_02bb0612dc529329\diantz.exe
.
Une copie infectée de c:\windows\System32\diskpart.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-diskpart_31bf3856ad364e35_6.1.7601.17514_none_c6fe6ac9ac8c7105\diskpart.exe
.
Une copie infectée de c:\windows\System32\DpiScaling.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-dpiscaling_31bf3856ad364e35_6.1.7600.16385_none_d63cc4dd74a11d0b\DpiScaling.exe
.
Une copie infectée de c:\windows\System32\dxdiag.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_81e99da174638311\dxdiag.exe
.
Une copie infectée de c:\windows\System32\eudcedit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_b7be8a14d61db17a\eudcedit.exe
.
Une copie infectée de c:\windows\System32\extrac32.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-extrac32_31bf3856ad364e35_6.1.7600.16385_none_371e8c461d966a55\extrac32.exe
.
Une copie infectée de c:\windows\System32\fontview.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-fontview_31bf3856ad364e35_6.1.7600.16385_none_a058fee6d0280cab\fontview.exe
.
Une copie infectée de c:\windows\System32\LocationNotifications.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-m..cationnotifications_31bf3856ad364e35_6.1.7600.16385_none_737951ab23cf8ea0\LocationNotifications.exe
.
Une copie infectée de c:\windows\System32\Magnify.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-magnify_31bf3856ad364e35_6.1.7600.16385_none_ca22c913b260e66a\Magnify.exe
.
Une copie infectée de c:\windows\System32\MigAutoPlay.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\MigAutoPlay.exe
.
Une copie infectée de c:\windows\System32\mmc.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.1.7600.16385_none_6b683cb78f534561\mmc.exe
.
Une copie infectée de c:\windows\System32\migwiz\mighost.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_b6cddd21f1df8715\mighost.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-04-18 au 2013-05-18 ))))))))))))))))))))))))))))))))))))
.
.
2013-05-18 01:40 . 2013-05-18 01:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-18 01:40 . 2013-05-18 01:40 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-05-18 00:44 . 2013-05-18 00:44 8576000 ----a-w- c:\windows\SysWow64\qtgui4.dll
2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\users\Andrea\AppData\Roaming\dll-files.com
2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\programdata\Logs
2013-05-18 00:44 . 2013-04-11 14:12 19392 ----a-w- c:\windows\system32\roboot64.exe
2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\program files (x86)\Dll-Files.com Fixer
2013-05-17 22:54 . 2013-05-17 22:54 -------- d-----w- c:\users\Andrea\AppData\Roaming\Malwarebytes
2013-05-17 22:54 . 2013-05-17 22:54 -------- d-----w- c:\programdata\Malwarebytes
2013-05-17 22:54 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-17 22:54 . 2013-05-17 22:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-17 15:17 . 2013-05-17 15:17 -------- d-----w- C:\Games
2013-05-17 12:26 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49C36CFE-44A7-40E6-9662-DBF20C3CDD8E}\mpengine.dll
2013-05-17 01:01 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-17 01:01 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-17 01:01 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-16 10:05 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 10:05 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 10:05 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-16 10:05 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 10:05 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-16 10:05 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 10:04 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 10:04 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 10:04 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 10:04 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-16 10:02 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 10:02 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-03 17:20 . 2013-05-03 17:20 -------- d-----w- c:\program files\eFusion
2013-05-03 17:03 . 2013-05-03 17:03 -------- d-----w- c:\program files\SD EnterNET
2013-05-03 16:52 . 2013-05-18 01:41 -------- d-----w- c:\users\Andrea\AppData\Local\PMB Files
2013-05-03 16:52 . 2013-05-03 16:52 -------- d-----w- c:\programdata\PMB Files
2013-05-03 16:52 . 2013-05-03 16:52 -------- d-----w- c:\program files (x86)\Pando Networks
2013-04-25 15:24 . 2013-04-25 15:24 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-24 15:27 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 16:16 . 2013-02-10 01:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-17 16:16 . 2013-02-10 01:16 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-17 16:16 . 2011-09-27 16:44 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-17 15:56 . 2009-07-13 23:33 67072 ----a-w- c:\windows\SysWow64\CertEnrollCtrl.exe
2013-05-17 15:56 . 2009-07-13 23:52 44032 ----a-w- c:\windows\SysWow64\FwRemoteSvr.dll
2013-05-14 23:09 . 2012-03-30 15:14 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 23:09 . 2011-09-27 16:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 13:32 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-03 14:15 . 2011-09-27 08:44 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 10:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 10:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 10:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 10:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 10:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 10:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-19 06:04 . 2013-04-10 21:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 21:04 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 21:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 21:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 21:04 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 21:04 112640 ----a-w- c:\windows\system32\smss.exe
2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2011-09-27 11:33 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-18 20:13 . 2012-09-03 16:14 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:15 . C028E7E88424517078C6D51F4B382996 . 12288 . . [------] .. c:\windows\SysWOW64\cngaudit.dll
[-] 2009-07-14 01:15 . C028E7E88424517078C6D51F4B382996 . 12288 . . [------] .. c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
.
[-] 2010-11-21 03:24 . F84EBB1A4CAC35C33B352CAAB4B6BF92 . 954288 . . [------] .. c:\windows\SysWOW64\mfc40u.dll
[-] 2010-11-21 03:24 . F84EBB1A4CAC35C33B352CAAB4B6BF92 . 954288 . . [------] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ef79f67a-6ad7-4715-a0f8-932fca442023}"= "c:\program files (x86)\BittorrentBar_FR\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}]
2011-09-21 18:04 1257752 ----a-w- c:\program files (x86)\FileServe Manager\FileServeBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-08-09 10:36 1235376 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-18 20:13 1929392 ----a-w- c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C0924543-15FD-4F3D-889C-0B4562A9CB45}]
2011-08-23 14:33 2656256 ------w- c:\program files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-05-30 13:48 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BittorrentBar_FR\prxtbBitt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
"{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}"= "c:\program files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll" [2011-08-23 2656256]
"{ef79f67a-6ad7-4715-a0f8-932fca442023}"= "c:\program files (x86)\BittorrentBar_FR\prxtbBitt.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CLASSES_ROOT\clsid\{cdb982ed-f9d6-4e3b-b94b-96f705d35ad1}]
[HKEY_CLASSES_ROOT\TBSB02609.TBSB02609.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02609.TBSB02609]
.
[HKEY_CLASSES_ROOT\clsid\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-11-04 16:47 2042528 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-11-04 16:47 2042528 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-11-04 16:47 2042528 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-10-18 28628104]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"SkyDrive"="c:\users\Andrea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-04-26 256600]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-05-03 3093624]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2013-05-17 438272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"FileServe Manager Task"="c:\program files (x86)\FileServe Manager\FSStarter.exe" [2011-09-21 954648]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2013-04-11 12107432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
c:\users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Roulettechat Adultes.lnk - c:\program files (x86)\roulettechat\roulettechat.exe [2012-10-10 17524176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-09-11 178808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-27 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-11 1494144]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2007-05-11 1361952]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-11 50208]
S3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2007-05-11 3612704]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
Contenu du dossier 'Tâches planifiées'
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 23:09]
.
2013-05-18 c:\windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-05-18 14:12]
.
2013-05-18 c:\windows\Tasks\DLL-Files.Com Fixer_Updates.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-05-18 14:12]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21 19:17]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21 19:17]
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356140123-1956174812-4015511781-1000Core.job
- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 07:40]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356140123-1956174812-4015511781-1000UA.job
- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 07:40]
.
2013-05-18 c:\windows\Tasks\One-Click Tweak.job
- c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2013-05-17 08:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-08-09 10:36 1792944 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-11-04 16:42 2860192 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-11-04 16:42 2860192 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-11-04 16:42 2860192 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with FileServe Manager - c:\program files (x86)\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
IE: {{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - c:\program files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\8l77qmym.default-1350828278218\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
Toolbar-10 - (no file)
WebBrowser-{EF79F67A-6AD7-4715-A0F8-932FCA442023} - (no file)
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Heure de fin: 2013-05-18 03:47:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-05-18 01:47
.
Avant-CF: 307'296'669'696 octets libres
Après-CF: 368'784'101'376 octets libres
.
- - End Of File - - 4DAED29C21D4E098871999022D0B2009
 
ComboFix 13-05-16.02 - Andrea 18.05.2013 4:30.2.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.41.1036.18.4095.2782 [GMT 2:00]
Lancé depuis: c:\users\Andrea\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andrea\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Andrea\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . impossible à supprimer
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . impossible à supprimer
.
Une copie infectée de c:\windows\System32\AtBroker.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b\AtBroker.exe
.
Une copie infectée de c:\windows\System32\autoconv.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-convert_31bf3856ad364e35_6.1.7601.17514_none_fafb502abef1be40\autoconv.exe
.
Une copie infectée de c:\windows\System32\bitsadmin.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.1.7601.17514_none_ab379671230b963f\bitsadmin.exe
.
Une copie infectée de c:\windows\System32\bootcfg.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-bootconfig_31bf3856ad364e35_6.1.7600.16385_none_680b6eb133f91b1b\bootcfg.exe
.
Une copie infectée de c:\windows\System32\chkntfs.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7600.16385_none_74b76d3fa1757c6f\chkntfs.exe
.
Une copie infectée de c:\windows\System32\clip.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-clip_31bf3856ad364e35_6.1.7600.16385_none_03d0d3c435b27637\clip.exe
.
Une copie infectée de c:\windows\System32\ddodiag.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351\ddodiag.exe
.
Une copie infectée de c:\windows\System32\DeviceProperties.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_463f54aa539a0b62\DeviceProperties.exe
.
Une copie infectée de c:\windows\System32\diantz.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-diantz_31bf3856ad364e35_6.1.7600.16385_none_02bb0612dc529329\diantz.exe
.
Une copie infectée de c:\windows\System32\diskpart.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-diskpart_31bf3856ad364e35_6.1.7601.17514_none_c6fe6ac9ac8c7105\diskpart.exe
.
Une copie infectée de c:\windows\System32\DpiScaling.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-dpiscaling_31bf3856ad364e35_6.1.7600.16385_none_d63cc4dd74a11d0b\DpiScaling.exe
.
Une copie infectée de c:\windows\System32\dxdiag.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_81e99da174638311\dxdiag.exe
.
Une copie infectée de c:\windows\System32\eudcedit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_b7be8a14d61db17a\eudcedit.exe
.
Une copie infectée de c:\windows\System32\extrac32.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-extrac32_31bf3856ad364e35_6.1.7600.16385_none_371e8c461d966a55\extrac32.exe
.
Une copie infectée de c:\windows\System32\fontview.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-fontview_31bf3856ad364e35_6.1.7600.16385_none_a058fee6d0280cab\fontview.exe
.
Une copie infectée de c:\windows\System32\LocationNotifications.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-m..cationnotifications_31bf3856ad364e35_6.1.7600.16385_none_737951ab23cf8ea0\LocationNotifications.exe
.
Une copie infectée de c:\windows\System32\Magnify.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-magnify_31bf3856ad364e35_6.1.7600.16385_none_ca22c913b260e66a\Magnify.exe
.
Une copie infectée de c:\windows\System32\MigAutoPlay.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\MigAutoPlay.exe
.
Une copie infectée de c:\windows\System32\mmc.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.1.7600.16385_none_6b683cb78f534561\mmc.exe
.
Une copie infectée de c:\windows\System32\migwiz\mighost.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_b6cddd21f1df8715\mighost.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-04-18 au 2013-05-18 ))))))))))))))))))))))))))))))))))))
.
.
2013-05-18 02:39 . 2013-05-18 02:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-18 02:39 . 2013-05-18 02:39 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-05-18 02:39 . 2013-05-18 02:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-18 00:44 . 2013-05-18 00:44 8576000 ----a-w- c:\windows\SysWow64\qtgui4.dll
2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\users\Andrea\AppData\Roaming\dll-files.com
2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\programdata\Logs
2013-05-18 00:44 . 2013-04-11 14:12 19392 ----a-w- c:\windows\system32\roboot64.exe
2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\program files (x86)\Dll-Files.com Fixer
2013-05-17 22:54 . 2013-05-17 22:54 -------- d-----w- c:\users\Andrea\AppData\Roaming\Malwarebytes
2013-05-17 22:54 . 2013-05-17 22:54 -------- d-----w- c:\programdata\Malwarebytes
2013-05-17 22:54 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-17 22:54 . 2013-05-17 22:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-17 15:17 . 2013-05-17 15:17 -------- d-----w- C:\Games
2013-05-17 12:26 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49C36CFE-44A7-40E6-9662-DBF20C3CDD8E}\mpengine.dll
2013-05-17 01:01 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-17 01:01 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-17 01:01 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-16 10:05 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 10:05 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 10:05 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-16 10:05 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 10:05 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-16 10:05 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 10:04 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 10:04 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 10:04 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 10:04 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-16 10:02 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 10:02 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-03 17:20 . 2013-05-03 17:20 -------- d-----w- c:\program files\eFusion
2013-05-03 17:03 . 2013-05-03 17:03 -------- d-----w- c:\program files\SD EnterNET
2013-05-03 16:52 . 2013-05-18 01:41 -------- d-----w- c:\users\Andrea\AppData\Local\PMB Files
2013-05-03 16:52 . 2013-05-03 16:52 -------- d-----w- c:\programdata\PMB Files
2013-05-03 16:52 . 2013-05-03 16:52 -------- d-----w- c:\program files (x86)\Pando Networks
2013-04-25 15:24 . 2013-04-25 15:24 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-24 15:27 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-17 16:16 . 2013-02-10 01:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-17 16:16 . 2013-02-10 01:16 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-17 16:16 . 2011-09-27 16:44 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-17 15:56 . 2009-07-13 23:33 67072 ----a-w- c:\windows\SysWow64\CertEnrollCtrl.exe
2013-05-17 15:56 . 2009-07-13 23:52 44032 ----a-w- c:\windows\SysWow64\FwRemoteSvr.dll
2013-05-14 23:09 . 2012-03-30 15:14 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 23:09 . 2011-09-27 16:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 13:32 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-03 14:15 . 2011-09-27 08:44 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 10:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 10:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 10:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 10:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 10:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 10:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-19 06:04 . 2013-04-10 21:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 21:04 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 21:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 21:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 21:04 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 21:04 112640 ----a-w- c:\windows\system32\smss.exe
2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2011-09-27 11:33 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-18 20:13 . 2012-09-03 16:14 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:15 . C028E7E88424517078C6D51F4B382996 . 12288 . . [------] .. c:\windows\SysWOW64\cngaudit.dll
[-] 2009-07-14 01:15 . C028E7E88424517078C6D51F4B382996 . 12288 . . [------] .. c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
.
[-] 2010-11-21 03:24 . F84EBB1A4CAC35C33B352CAAB4B6BF92 . 954288 . . [------] .. c:\windows\SysWOW64\mfc40u.dll
[-] 2010-11-21 03:24 . F84EBB1A4CAC35C33B352CAAB4B6BF92 . 954288 . . [------] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ef79f67a-6ad7-4715-a0f8-932fca442023}"= "c:\program files (x86)\BittorrentBar_FR\prxtbBitt.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}]
2011-09-21 18:04 1257752 ----a-w- c:\program files (x86)\FileServe Manager\FileServeBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-08-09 10:36 1235376 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-18 20:13 1929392 ----a-w- c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C0924543-15FD-4F3D-889C-0B4562A9CB45}]
2011-08-23 14:33 2656256 ------w- c:\program files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-05-30 13:48 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BittorrentBar_FR\prxtbBitt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
"{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}"= "c:\program files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll" [2011-08-23 2656256]
"{ef79f67a-6ad7-4715-a0f8-932fca442023}"= "c:\program files (x86)\BittorrentBar_FR\prxtbBitt.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CLASSES_ROOT\clsid\{cdb982ed-f9d6-4e3b-b94b-96f705d35ad1}]
[HKEY_CLASSES_ROOT\TBSB02609.TBSB02609.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02609.TBSB02609]
.
[HKEY_CLASSES_ROOT\clsid\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-11-04 16:47 2042528 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-11-04 16:47 2042528 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-11-04 16:47 2042528 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-10-18 28628104]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"SkyDrive"="c:\users\Andrea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-04-26 256600]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-05-03 3093624]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2013-05-17 438272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"FileServe Manager Task"="c:\program files (x86)\FileServe Manager\FSStarter.exe" [2011-09-21 954648]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2013-04-11 12107432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
c:\users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Roulettechat Adultes.lnk - c:\program files (x86)\roulettechat\roulettechat.exe [2012-10-10 17524176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-09-11 178808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-27 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-11 1494144]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2007-05-11 1361952]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-11 50208]
S3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2007-05-11 3612704]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
Contenu du dossier 'Tâches planifiées'
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 23:09]
.
2013-05-18 c:\windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-05-18 14:12]
.
2013-05-18 c:\windows\Tasks\DLL-Files.Com Fixer_Updates.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-05-18 14:12]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21 19:17]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21 19:17]
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356140123-1956174812-4015511781-1000Core.job
- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 07:40]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356140123-1956174812-4015511781-1000UA.job
- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 07:40]
.
2013-05-18 c:\windows\Tasks\One-Click Tweak.job
- c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2013-05-17 08:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-08-09 10:36 1792944 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-11-04 16:42 2860192 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-11-04 16:42 2860192 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-11-04 16:42 2860192 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with FileServe Manager - c:\program files (x86)\FileServe Manager\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
IE: {{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - c:\program files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\8l77qmym.default-1350828278218\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
WebBrowser-{EF79F67A-6AD7-4715-A0F8-932FCA442023} - (no file)
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Heure de fin: 2013-05-18 04:45:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-05-18 02:45
ComboFix2.txt 2013-05-18 01:47
.
Avant-CF: 368'401'154'048 octets libres
Après-CF: 368'104'194'048 octets libres
.
- - End Of File - - F2BA22043B4B3D68A8F3FB44CB193D27
 
I'm not sure yet what we're dealing with here....

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
Farbar :

FRST :

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013
Ran by Andrea (administrator) on 18-05-2013 05:25:24
Running from C:\Users\Andrea\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(FileServe Limited) C:\Program Files (x86)\FileServe Manager\FSStarter.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(MusicLab, LLC) C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Farbar) C:\Users\Andrea\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-04] (Valve Corporation)
HKCU\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [28628104 2011-10-19] (Electronic Arts)
HKCU\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [SkyDrive] "C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [256600 2013-04-26] (Microsoft Corporation)
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-05-03] ()
HKCU\...\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-05-18] (NEXON Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FileServe Manager Task] "C:\Program Files (x86)\FileServe Manager\FSStarter.exe" [954648 2011-09-21] (FileServe Limited)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE [1598392 2011-08-09] (MusicLab, LLC)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()
HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey [12107432 2013-04-11] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll [1792944 2011-08-09] (MusicLab, LLC)
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roulettechat Adultes.lnk
ShortcutTarget: Roulettechat Adultes.lnk -> C:\Program Files (x86)\roulettechat\roulettechat.exe (Rentabiliweb)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - No File
HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
HKLM-x32 SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searc...SP_ss&mntrId=88dcd4be0000000000000019dbb1bf42
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={...a9fedee97&lang=fr&ds=gm011&pr=sa&d=2012-04-08 02:41:54&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Andrea\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SPFS Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: FileServeManager - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll (FileServe Limited)
BHO-x32: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Andrea\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TBSB02609 Class - {C0924543-15FD-4F3D-889C-0B4562A9CB45} - C:\Program Files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll ()
BHO-x32: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
BHO-x32: Microsoft SPFS Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BittorrentBar_FR Toolbar - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll (Conduit Ltd.)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
Toolbar: HKLM-x32 - searchweb - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - C:\Program Files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll ()
Toolbar: HKLM-x32 - BittorrentBar_FR Toolbar - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
Toolbar: HKCU - No Name - {EF79F67A-6AD7-4715-A0F8-932FCA442023} - No File
PDF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\8l77qmym.default-1350828278218
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=0.80.0 - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\8l77qmym.default-1350828278218\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR RestoreOnStartup: "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (AVG Secure Search) - http://isearch.avg.com/search?cid={...a9fedee97&lang=fr&ds=gm011&pr=sa&d=2012-04-08 02:41:54&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: (AVG Secure Search) - http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (FileServe Manager) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpgkjhpjldibdbbppfcabadmpfenkdfe\1.0.0.3466_0\FSChromeAddOn.dll (FileServe Limited)
CHR Plugin: (Skype Toolbars) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Complitly plugin for chrome) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0
CHR Extension: (FS Extension) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpgkjhpjldibdbbppfcabadmpfenkdfe\1.0.0.3466_0
CHR Extension: (avast! WebRep) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (Skype Click to Call) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1494144 2012-09-11] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-09-30] ()
R2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()


Continued in the next post.

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] ()
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-18 05:25 - 2013-05-18 05:25 - 00000000 ____D C:\FRST
2013-05-18 05:24 - 2013-05-18 05:24 - 01877468 ____A (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
2013-05-18 04:45 - 2013-05-18 04:45 - 00033694 ____A C:\ComboFix.txt
2013-05-18 03:28 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-18 03:28 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-18 03:28 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-18 03:28 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-18 03:28 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-18 03:28 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-18 03:28 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-18 03:28 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-18 03:26 - 2013-05-18 04:45 - 00000000 ____D C:\Qoobox
2013-05-18 03:26 - 2013-05-18 04:41 - 00000000 ____D C:\Windows\erdnt
2013-05-18 02:56 - 2013-05-18 03:10 - 00000000 ____D C:\Users\Andrea\Downloads\mbar
2013-05-18 02:55 - 2013-05-18 02:56 - 12917756 ____A C:\Users\Andrea\Downloads\mbar-1.05.0.1001 (1).zip
2013-05-18 02:44 - 2013-05-18 02:51 - 00000294 ____A C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
2013-05-18 02:44 - 2013-05-18 02:51 - 00000278 ____A C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2013-05-18 02:44 - 2013-05-18 02:44 - 08576000 ____A (Digia Plc and/or its subsidiary(-ies)) C:\Windows\SysWOW64\qtgui4.dll
2013-05-18 02:44 - 2013-05-18 02:44 - 00001092 ____A C:\Users\Public\Desktop\Dll-Files Fixer.lnk
2013-05-18 02:44 - 2013-05-18 02:44 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\dll-files.com
2013-05-18 02:44 - 2013-05-18 02:44 - 00000000 ____D C:\Program Files (x86)\Dll-Files.com Fixer
2013-05-18 02:44 - 2013-04-11 16:12 - 00019392 ____A (Dll-Files.com) C:\Windows\System32\roboot64.exe
2013-05-18 02:43 - 2013-05-18 02:43 - 04241280 ____A (Dll-Files.com ) C:\Users\Andrea\Downloads\dffsetup-qtgui4.exe
2013-05-18 02:34 - 2013-05-18 02:34 - 00001801 ____A C:\Users\Andrea\Desktop\RKreport[2]_D_18052013_023403.txt
2013-05-18 02:34 - 2013-05-18 02:34 - 00000000 ____D C:\Users\Andrea\Downloads\mbar-1.05.0.1001
2013-05-18 02:33 - 2013-05-18 02:34 - 12917756 ____A C:\Users\Andrea\Downloads\mbar-1.05.0.1001.zip
2013-05-18 02:32 - 2013-05-18 02:32 - 00001917 ____A C:\Users\Andrea\Desktop\RKreport[1]_S_18052013_023210.txt
2013-05-18 02:30 - 2013-05-18 02:33 - 00000000 ____D C:\Users\Andrea\Desktop\RK_Quarantine
2013-05-18 02:29 - 2013-05-18 02:30 - 00791040 ____A C:\Users\Andrea\Downloads\RogueKillerX64.exe
2013-05-18 02:05 - 2013-05-18 02:05 - 00025668 ____A C:\Users\Andrea\Desktop\dds.txt
2013-05-18 02:05 - 2013-05-18 02:05 - 00006266 ____A C:\Users\Andrea\Desktop\attach.txt
2013-05-18 02:04 - 2013-05-18 02:04 - 00688992 ____R (Swearware) C:\Users\Andrea\Downloads\dds.com
2013-05-18 00:54 - 2013-05-18 00:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-18 00:54 - 2013-05-18 00:54 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Malwarebytes
2013-05-18 00:54 - 2013-05-18 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-18 00:54 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-18 00:53 - 2013-05-18 00:53 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-18 00:44 - 2013-05-18 00:44 - 00446464 ____A (NEXON Inc.) C:\Windows\NEXON_EU_DownloaderUpdater.exe
2013-05-18 00:44 - 2013-05-18 00:44 - 00000235 ____A C:\Windows\SysWOW64\nxEuUninstall.bat
2013-05-17 23:11 - 2013-05-17 23:11 - 00159144 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\WindowsActivationUpdate (1).exe
2013-05-17 22:32 - 2013-05-17 22:32 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-17 22:31 - 2013-05-17 22:31 - 02347384 ____A (ESET) C:\Users\Andrea\Downloads\esetsmartinstaller_enu.exe
2013-05-17 22:25 - 2013-05-18 03:26 - 05066411 ____R (Swearware) C:\Users\Andrea\Downloads\ComboFix.exe
2013-05-17 22:23 - 2013-05-17 22:23 - 02723944 ____A (AdvancedPCTweaker.com, Inc. ) C:\Users\Andrea\Downloads\AdvancedPCTweaker_Setup(1).exe
2013-05-17 22:21 - 2013-05-17 22:21 - 00388608 ____A (Trend Micro Inc.) C:\Users\Andrea\Downloads\HijackThis.exe
2013-05-17 22:21 - 2013-05-17 22:21 - 00030786 ____A C:\Users\Andrea\Downloads\hijackthis.log
2013-05-17 21:56 - 2013-05-18 02:51 - 00000526 ____A C:\Windows\Tasks\One-Click Tweak.job
2013-05-17 21:56 - 2013-05-17 21:56 - 00001133 ____A C:\Users\Andrea\Desktop\Advanced PC Tweaker.lnk
2013-05-17 21:56 - 2013-05-17 21:56 - 00001088 ____A C:\Users\Andrea\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk
2013-05-17 21:55 - 2013-05-17 22:01 - 00000000 ____D C:\Program Files (x86)\Advanced PC Tweaker
2013-05-17 21:55 - 2013-05-17 21:55 - 02723944 ____A (AdvancedPCTweaker.com, Inc. ) C:\Users\Andrea\Downloads\AdvancedPCTweaker_Setup.exe
2013-05-17 21:49 - 2013-05-17 21:49 - 00001035 ____A C:\Users\Public\Desktop\RegUtility.lnk
2013-05-17 21:49 - 2013-05-17 21:49 - 00000000 ____D C:\Program Files (x86)\RegUtility
2013-05-17 21:48 - 2013-05-17 21:49 - 02580315 ____A ( ) C:\Users\Andrea\Downloads\RegUtility_Setup.exe
2013-05-17 20:43 - 2013-05-17 20:43 - 03733400 ____A (Nexon) C:\Users\Andrea\Downloads\Setup(1).exe
2013-05-17 20:41 - 2013-05-17 20:42 - 00159144 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\WindowsActivationUpdate(2).exe
2013-05-17 20:40 - 2013-05-17 20:41 - 00159144 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\WindowsActivationUpdate(1).exe
2013-05-17 19:54 - 2013-05-17 20:42 - 00000000 ____D C:\Download
2013-05-17 19:53 - 2013-05-18 00:44 - 00000000 ____D C:\Nexon
2013-05-17 19:53 - 2013-05-17 19:53 - 00530056 ____A (Nexon) C:\Users\Andrea\Downloads\NF2_Downloader.exe
2013-05-17 17:56 - 2009-07-14 02:00 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys
2013-05-17 17:41 - 2013-05-17 18:06 - 00000000 ____D C:\d717a38f72b1053be2bdd56dd09590a8
2013-05-17 17:41 - 2013-05-17 17:41 - 00889416 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\dotNetFx40_Full_setup.exe
2013-05-17 17:41 - 2013-05-03 15:57 - 72607752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2013-05-17 17:40 - 2013-05-17 17:40 - 20214408 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\Windows-KB890830-V4.20.exe
2013-05-17 17:17 - 2013-05-18 00:44 - 00000769 ____A C:\Users\Public\Desktop\World of Tanks.lnk
2013-05-17 17:17 - 2013-05-18 00:44 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-05-17 17:17 - 2013-05-17 17:17 - 09304264 ____A (Wargaming.net ) C:\Users\Andrea\Downloads\WoT_internet_install_eu.exe
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Games
2013-05-17 03:01 - 2013-05-05 23:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 03:01 - 2013-05-05 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-17 03:01 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-17 03:01 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 12:05 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 12:05 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 12:05 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 12:05 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 12:05 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 12:05 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 12:05 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 12:05 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 12:04 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 12:04 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 12:04 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 12:04 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-16 12:02 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 12:02 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-14 21:06 - 2013-05-14 21:06 - 00567859 ____A C:\Users\Andrea\Desktop\Photos du journal.htm
2013-05-14 21:06 - 2013-05-14 21:06 - 00000000 ____D C:\Users\Andrea\Desktop\Photos du journal_fichiers
2013-05-14 02:54 - 2013-05-14 02:55 - 00290808 ____A C:\Windows\Minidump\051413-26140-01.dmp
2013-05-09 22:16 - 2013-05-09 22:16 - 00656293 ____A C:\Users\Andrea\Desktop\NF 1.odt
2013-05-03 19:36 - 2013-05-03 19:36 - 00000000 ____D C:\Users\Andrea\Documents\NavyField
2013-05-03 19:20 - 2013-05-03 19:20 - 00000242 ____A C:\Users\Public\Desktop\NavyFIELD Europe French.url
2013-05-03 19:20 - 2013-05-03 19:20 - 00000000 ____D C:\Program Files\eFusion
2013-05-03 19:08 - 2013-05-03 19:09 - 118310779 ____A (Acresso Software Inc. ) C:\Users\Andrea\Downloads\navyfield_manual_patch_french_1-218.exe
2013-05-03 19:03 - 2013-05-03 19:03 - 00000000 ____D C:\Program Files\SD EnterNET
2013-05-03 18:52 - 2013-05-18 05:25 - 00000000 ____D C:\Users\Andrea\AppData\Local\PMB Files
2013-05-03 18:52 - 2013-05-03 19:03 - 684129157 ____A (Acresso Software Inc. ) C:\Users\Andrea\Desktop\NavyFIELD_Europe_FR.exe
2013-05-03 18:52 - 2013-05-03 18:52 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-05-03 18:51 - 2013-05-03 18:51 - 03084320 ____A C:\Users\Andrea\Downloads\NavyFIELD_Europe_FR_downloader.exe
2013-05-03 18:18 - 2013-05-03 18:18 - 00290760 ____A C:\Windows\Minidump\050313-22062-01.dmp
2013-04-26 22:01 - 2013-04-26 22:01 - 05990472 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\SkyDriveSetup.exe
2013-04-25 12:10 - 2013-04-25 12:10 - 00000000 ____D C:\Users\Andrea\AppData\Local\{63E5FCE7-3AD3-4D03-A340-24B9BC472DD1}
2013-04-24 17:27 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-24 17:21 - 2013-04-24 17:21 - 00000000 ____D C:\Users\Andrea\AppData\Local\{EE000DA9-C800-43FB-B893-E3D29F30AA92}
2013-04-23 17:12 - 2013-04-23 17:12 - 00000000 ____D C:\Users\Andrea\AppData\Local\{A551CBEC-149E-4788-BB28-BDAAEFA91430}
2013-04-23 00:36 - 2013-04-23 00:36 - 00290768 ____A C:\Windows\Minidump\042313-21468-01.dmp
2013-04-22 16:47 - 2013-04-22 16:47 - 00000000 ____D C:\Users\Andrea\AppData\Local\{4694E429-8670-49B0-A4D5-1A33431A5F2D}
2013-04-21 21:25 - 2013-04-21 21:25 - 00560352 ____A C:\Windows\Minidump\042113-23171-01.dmp
2013-04-21 14:00 - 2013-04-21 14:00 - 00000000 ____D C:\Users\Andrea\AppData\Local\{5987831D-55F9-4462-A0F4-0C770A793CA1}
2013-04-21 01:59 - 2013-04-21 01:59 - 00000000 ____D C:\Users\Andrea\AppData\Local\{E9C5B031-1676-4420-AB58-A76798ED015D}
2013-04-20 13:59 - 2013-04-20 13:59 - 00000000 ____D C:\Users\Andrea\AppData\Local\{8C1E3D26-02E9-48EB-870F-86ABD2436B65}
2013-04-19 12:52 - 2013-04-19 12:52 - 00000000 ____D C:\Users\Andrea\AppData\Local\{E2AD8C67-434A-447D-A705-4C3522A85E7F}
2013-04-19 03:09 - 2013-04-19 03:24 - 00000000 ____D C:\Users\Andrea\Desktop\Photos trouvées
2013-04-18 17:05 - 2013-04-18 17:06 - 00000000 ____D C:\Users\Andrea\AppData\Local\{5F327524-9D04-4120-81AC-4458411B9587}
2013-04-18 11:47 - 2013-04-18 11:47 - 00000000 ____D C:\Users\Andrea\AppData\Local\{D6FC719A-58BB-4329-9AD5-A1BD243FDDD3}

==================== One Month Modified Files and Folders =======

2013-05-18 05:25 - 2013-05-18 05:25 - 00000000 ____D C:\FRST
2013-05-18 05:25 - 2013-05-03 18:52 - 00000000 ____D C:\Users\Andrea\AppData\Local\PMB Files
2013-05-18 05:24 - 2013-05-18 05:24 - 01877468 ____A (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
2013-05-18 05:11 - 2011-09-28 09:40 - 00001082 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356140123-1956174812-4015511781-1000UA.job
2013-05-18 05:09 - 2012-03-30 17:14 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-18 04:59 - 2009-07-14 06:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-18 04:59 - 2009-07-14 06:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-18 04:54 - 2011-10-30 05:29 - 00000000 ____D C:\Users\Andrea\AppData\Local\FileServe Manager
2013-05-18 04:53 - 2012-10-16 23:28 - 00000000 ____D C:\Users\Andrea\AppData\Local\roulettechat
2013-05-18 04:53 - 2011-09-30 10:34 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-18 04:53 - 2011-09-28 22:07 - 00000000 ____D C:\Users\Andrea\Tracing
2013-05-18 04:52 - 2012-07-21 21:17 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-18 04:52 - 2011-09-28 21:29 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-05-18 04:52 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-18 04:52 - 2009-07-14 06:51 - 00086448 ____A C:\Windows\setupact.log
2013-05-18 04:51 - 2011-09-27 10:31 - 01231733 ____A C:\Windows\WindowsUpdate.log
2013-05-18 04:51 - 2010-11-21 05:47 - 00350416 ____A C:\Windows\PFRO.log
2013-05-18 04:46 - 2012-07-21 21:17 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-18 04:45 - 2013-05-18 04:45 - 00033694 ____A C:\ComboFix.txt
2013-05-18 04:45 - 2013-05-18 03:26 - 00000000 ____D C:\Qoobox
2013-05-18 04:41 - 2013-05-18 03:26 - 00000000 ____D C:\Windows\erdnt
2013-05-18 04:41 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-05-18 03:26 - 2013-05-17 22:25 - 05066411 ____R (Swearware) C:\Users\Andrea\Downloads\ComboFix.exe
2013-05-18 03:10 - 2013-05-18 02:56 - 00000000 ____D C:\Users\Andrea\Downloads\mbar
2013-05-18 02:56 - 2013-05-18 02:55 - 12917756 ____A C:\Users\Andrea\Downloads\mbar-1.05.0.1001 (1).zip
2013-05-18 02:54 - 2012-11-04 18:48 - 00000000 ___RD C:\Users\Andrea\SkyDrive
2013-05-18 02:51 - 2013-05-18 02:44 - 00000294 ____A C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
2013-05-18 02:51 - 2013-05-18 02:44 - 00000278 ____A C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2013-05-18 02:51 - 2013-05-17 21:56 - 00000526 ____A C:\Windows\Tasks\One-Click Tweak.job
2013-05-18 02:44 - 2013-05-18 02:44 - 08576000 ____A (Digia Plc and/or its subsidiary(-ies)) C:\Windows\SysWOW64\qtgui4.dll
2013-05-18 02:44 - 2013-05-18 02:44 - 00001092 ____A C:\Users\Public\Desktop\Dll-Files Fixer.lnk
2013-05-18 02:44 - 2013-05-18 02:44 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\dll-files.com
2013-05-18 02:44 - 2013-05-18 02:44 - 00000000 ____D C:\Program Files (x86)\Dll-Files.com Fixer
2013-05-18 02:43 - 2013-05-18 02:43 - 04241280 ____A (Dll-Files.com ) C:\Users\Andrea\Downloads\dffsetup-qtgui4.exe
2013-05-18 02:34 - 2013-05-18 02:34 - 00001801 ____A C:\Users\Andrea\Desktop\RKreport[2]_D_18052013_023403.txt
2013-05-18 02:34 - 2013-05-18 02:34 - 00000000 ____D C:\Users\Andrea\Downloads\mbar-1.05.0.1001
2013-05-18 02:34 - 2013-05-18 02:33 - 12917756 ____A C:\Users\Andrea\Downloads\mbar-1.05.0.1001.zip
2013-05-18 02:33 - 2013-05-18 02:30 - 00000000 ____D C:\Users\Andrea\Desktop\RK_Quarantine
2013-05-18 02:32 - 2013-05-18 02:32 - 00001917 ____A C:\Users\Andrea\Desktop\RKreport[1]_S_18052013_023210.txt
2013-05-18 02:30 - 2013-05-18 02:29 - 00791040 ____A C:\Users\Andrea\Downloads\RogueKillerX64.exe
2013-05-18 02:05 - 2013-05-18 02:05 - 00025668 ____A C:\Users\Andrea\Desktop\dds.txt
2013-05-18 02:05 - 2013-05-18 02:05 - 00006266 ____A C:\Users\Andrea\Desktop\attach.txt
2013-05-18 02:04 - 2013-05-18 02:04 - 00688992 ____R (Swearware) C:\Users\Andrea\Downloads\dds.com
2013-05-18 00:54 - 2013-05-18 00:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-18 00:54 - 2013-05-18 00:54 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Malwarebytes
2013-05-18 00:54 - 2013-05-18 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-18 00:53 - 2013-05-18 00:53 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-18 00:44 - 2013-05-18 00:44 - 00446464 ____A (NEXON Inc.) C:\Windows\NEXON_EU_DownloaderUpdater.exe
2013-05-18 00:44 - 2013-05-18 00:44 - 00000235 ____A C:\Windows\SysWOW64\nxEuUninstall.bat
2013-05-18 00:44 - 2013-05-17 19:53 - 00000000 ____D C:\Nexon
2013-05-18 00:44 - 2013-05-17 17:17 - 00000769 ____A C:\Users\Public\Desktop\World of Tanks.lnk
2013-05-18 00:44 - 2013-05-17 17:17 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-05-17 23:11 - 2013-05-17 23:11 - 00159144 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\WindowsActivationUpdate (1).exe
2013-05-17 22:32 - 2013-05-17 22:32 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-17 22:31 - 2013-05-17 22:31 - 02347384 ____A (ESET) C:\Users\Andrea\Downloads\esetsmartinstaller_enu.exe
2013-05-17 22:23 - 2013-05-17 22:23 - 02723944 ____A (AdvancedPCTweaker.com, Inc. ) C:\Users\Andrea\Downloads\AdvancedPCTweaker_Setup(1).exe
2013-05-17 22:21 - 2013-05-17 22:21 - 00388608 ____A (Trend Micro Inc.) C:\Users\Andrea\Downloads\HijackThis.exe
2013-05-17 22:21 - 2013-05-17 22:21 - 00030786 ____A C:\Users\Andrea\Downloads\hijackthis.log
2013-05-17 22:21 - 2011-09-27 10:36 - 00000000 ____D C:\Users\Andrea\AppData\Local\VirtualStore
2013-05-17 22:01 - 2013-05-17 21:55 - 00000000 ____D C:\Program Files (x86)\Advanced PC Tweaker
2013-05-17 21:56 - 2013-05-17 21:56 - 00001133 ____A C:\Users\Andrea\Desktop\Advanced PC Tweaker.lnk
2013-05-17 21:56 - 2013-05-17 21:56 - 00001088 ____A C:\Users\Andrea\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk
2013-05-17 21:55 - 2013-05-17 21:55 - 02723944 ____A (AdvancedPCTweaker.com, Inc. ) C:\Users\Andrea\Downloads\AdvancedPCTweaker_Setup.exe
2013-05-17 21:49 - 2013-05-17 21:49 - 00001035 ____A C:\Users\Public\Desktop\RegUtility.lnk
2013-05-17 21:49 - 2013-05-17 21:49 - 00000000 ____D C:\Program Files (x86)\RegUtility
2013-05-17 21:49 - 2013-05-17 21:48 - 02580315 ____A ( ) C:\Users\Andrea\Downloads\RegUtility_Setup.exe
2013-05-17 20:43 - 2013-05-17 20:43 - 03733400 ____A (Nexon) C:\Users\Andrea\Downloads\Setup(1).exe
2013-05-17 20:42 - 2013-05-17 20:41 - 00159144 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\WindowsActivationUpdate(2).exe
2013-05-17 20:42 - 2013-05-17 19:54 - 00000000 ____D C:\Download
2013-05-17 20:41 - 2013-05-17 20:40 - 00159144 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\WindowsActivationUpdate(1).exe
2013-05-17 19:53 - 2013-05-17 19:53 - 00530056 ____A (Nexon) C:\Users\Andrea\Downloads\NF2_Downloader.exe
2013-05-17 18:25 - 2011-04-12 11:16 - 00704686 ____A C:\Windows\System32\perfh00C.dat
2013-05-17 18:25 - 2011-04-12 11:16 - 00130992 ____A C:\Windows\System32\perfc00C.dat
2013-05-17 18:25 - 2009-07-14 07:13 - 01572290 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-17 18:16 - 2013-02-10 03:16 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-05-17 18:16 - 2013-02-10 03:16 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-17 18:16 - 2013-02-10 03:16 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-17 18:16 - 2012-03-11 03:52 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-17 18:16 - 2012-03-11 03:52 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-17 18:16 - 2011-09-27 18:44 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-05-17 18:07 - 2011-12-08 20:36 - 00421888 ____A C:\Users\Andrea\Desktop\cacaoweb.exe
2013-05-17 18:06 - 2013-05-17 17:41 - 00000000 ____D C:\d717a38f72b1053be2bdd56dd09590a8
2013-05-17 18:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-17 17:56 - 2010-11-21 05:24 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browseui.dll
2013-05-17 17:56 - 2009-07-14 01:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2013-05-17 17:56 - 2009-07-14 01:33 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollCtrl.exe
2013-05-17 17:41 - 2013-05-17 17:41 - 00889416 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\dotNetFx40_Full_setup.exe
2013-05-17 17:40 - 2013-05-17 17:40 - 20214408 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\Windows-KB890830-V4.20.exe
2013-05-17 17:17 - 2013-05-17 17:17 - 09304264 ____A (Wargaming.net ) C:\Users\Andrea\Downloads\WoT_internet_install_eu.exe
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Games
2013-05-17 14:20 - 2009-07-14 06:45 - 00464320 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 03:09 - 2012-11-04 17:52 - 00000000 ____D C:\Program Files\Microsoft Lync
2013-05-17 03:09 - 2012-11-04 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2013-05-16 14:11 - 2011-09-28 09:40 - 00001030 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356140123-1956174812-4015511781-1000Core.job
2013-05-15 01:09 - 2012-03-30 17:14 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 01:09 - 2011-09-27 18:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 21:06 - 2013-05-14 21:06 - 00567859 ____A C:\Users\Andrea\Desktop\Photos du journal.htm
2013-05-14 21:06 - 2013-05-14 21:06 - 00000000 ____D C:\Users\Andrea\Desktop\Photos du journal_fichiers
2013-05-14 02:55 - 2013-05-14 02:54 - 00290808 ____A C:\Windows\Minidump\051413-26140-01.dmp
2013-05-14 02:54 - 2011-11-14 23:33 - 476039305 ____A C:\Windows\MEMORY.DMP
2013-05-14 02:54 - 2011-11-14 23:33 - 00000000 ____D C:\Windows\Minidump
2013-05-09 22:16 - 2013-05-09 22:16 - 00656293 ____A C:\Users\Andrea\Desktop\NF 1.odt
2013-05-07 18:13 - 2012-11-04 19:00 - 00000000 ____D C:\Users\Andrea\Desktop\Boulot fiduciare
2013-05-05 23:36 - 2013-05-17 03:01 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 23:16 - 2013-05-17 03:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 21:25 - 2013-05-17 03:01 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 21:12 - 2013-05-17 03:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-03 19:36 - 2013-05-03 19:36 - 00000000 ____D C:\Users\Andrea\Documents\NavyField
2013-05-03 19:20 - 2013-05-03 19:20 - 00000242 ____A C:\Users\Public\Desktop\NavyFIELD Europe French.url
2013-05-03 19:20 - 2013-05-03 19:20 - 00000000 ____D C:\Program Files\eFusion
2013-05-03 19:19 - 2011-09-27 13:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-03 19:09 - 2013-05-03 19:08 - 118310779 ____A (Acresso Software Inc. ) C:\Users\Andrea\Downloads\navyfield_manual_patch_french_1-218.exe
2013-05-03 19:03 - 2013-05-03 19:03 - 00000000 ____D C:\Program Files\SD EnterNET
2013-05-03 19:03 - 2013-05-03 18:52 - 684129157 ____A (Acresso Software Inc. ) C:\Users\Andrea\Desktop\NavyFIELD_Europe_FR.exe
2013-05-03 18:52 - 2013-05-03 18:52 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-05-03 18:51 - 2013-05-03 18:51 - 03084320 ____A C:\Users\Andrea\Downloads\NavyFIELD_Europe_FR_downloader.exe
2013-05-03 18:18 - 2013-05-03 18:18 - 00290760 ____A C:\Windows\Minidump\050313-22062-01.dmp
2013-05-03 16:15 - 2011-09-27 10:44 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-03 15:57 - 2013-05-17 17:41 - 72607752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2013-05-02 02:06 - 2010-11-21 05:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-26 22:01 - 2013-04-26 22:01 - 05990472 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\SkyDriveSetup.exe
2013-04-26 22:01 - 2012-11-04 18:48 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-04-25 17:27 - 2011-09-27 18:30 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Skype
2013-04-25 17:24 - 2011-09-28 20:57 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-04-25 17:24 - 2011-09-27 18:30 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2013-04-25 17:24 - 2011-09-27 18:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-25 12:10 - 2013-04-25 12:10 - 00000000 ____D C:\Users\Andrea\AppData\Local\{63E5FCE7-3AD3-4D03-A340-24B9BC472DD1}
2013-04-24 17:21 - 2013-04-24 17:21 - 00000000 ____D C:\Users\Andrea\AppData\Local\{EE000DA9-C800-43FB-B893-E3D29F30AA92}
2013-04-23 19:11 - 2013-04-12 17:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-23 17:12 - 2013-04-23 17:12 - 00000000 ____D C:\Users\Andrea\AppData\Local\{A551CBEC-149E-4788-BB28-BDAAEFA91430}
2013-04-23 00:36 - 2013-04-23 00:36 - 00290768 ____A C:\Windows\Minidump\042313-21468-01.dmp
2013-04-22 16:47 - 2013-04-22 16:47 - 00000000 ____D C:\Users\Andrea\AppData\Local\{4694E429-8670-49B0-A4D5-1A33431A5F2D}
2013-04-21 21:25 - 2013-04-21 21:25 - 00560352 ____A C:\Windows\Minidump\042113-23171-01.dmp
2013-04-21 14:00 - 2013-04-21 14:00 - 00000000 ____D C:\Users\Andrea\AppData\Local\{5987831D-55F9-4462-A0F4-0C770A793CA1}
2013-04-21 01:59 - 2013-04-21 01:59 - 00000000 ____D C:\Users\Andrea\AppData\Local\{E9C5B031-1676-4420-AB58-A76798ED015D}
2013-04-20 13:59 - 2013-04-20 13:59 - 00000000 ____D C:\Users\Andrea\AppData\Local\{8C1E3D26-02E9-48EB-870F-86ABD2436B65}
2013-04-19 12:52 - 2013-04-19 12:52 - 00000000 ____D C:\Users\Andrea\AppData\Local\{E2AD8C67-434A-447D-A705-4C3522A85E7F}
2013-04-19 03:24 - 2013-04-19 03:09 - 00000000 ____D C:\Users\Andrea\Desktop\Photos trouvées
2013-04-18 17:06 - 2013-04-18 17:05 - 00000000 ____D C:\Users\Andrea\AppData\Local\{5F327524-9D04-4120-81AC-4458411B9587}
2013-04-18 11:47 - 2013-04-18 11:47 - 00000000 ____D C:\Users\Andrea\AppData\Local\{D6FC719A-58BB-4329-9AD5-A1BD243FDDD3}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-06 17:21

==================== End Of Log ============================
 
Farbar Additional :





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-05-2013
Ran by Andrea at 2013-05-18 05:26:08 Run:
Running from C:\Users\Andrea\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

1ClickDownload (Version: 2.1 Build 26473)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader X (10.1.2) - Français (Version: 10.1.2)
Advanced PC Tweaker v4.2 (Version: 4.2)
ALTools Update
ALZip (Version: v8.0 beta1)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 7.0.1466.0)
AVG Security Toolbar (Version: 14.2.0.1)
Babylon toolbar on IE
Battlefield 3™ Open Beta (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 0.80.0)
BearShare (Version: 10.0.0.112380)
BitTorrent (Version: 7.6.0)
BittorrentBar_FR Toolbar (Version: 6.8.5.1)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-7055 (Version: 1.0.7.0)
Coffret de pilotes Logitech Webcam Software (Version: 12.10.1110)
Complitly
Configuration DivX (Version: 2.6.1.8)
D3DX10 (Version: 15.4.2368.0902)
Dll-Files Fixer (Version: 1.0)
Easy Password Storage
ESET Online Scanner v3
ESN Sonar (Version: 0.70.0)
FileServe Manager 1.0.0.3466
Getax Uninstaller
GOM Player (Version: 2.1.39.5101)
GOMTV Streamer (Version: 1.0.0.26)
Google Chrome (Version: 26.0.1410.64)
Google Update Helper (Version: 1.3.21.145)
Google Earth (Version: 7.0.3.8542)
HotForex MetaTrader (Version: 4.00)
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Rapid Storage Technology (Version: 10.5.0.1026)
iTunes (Version: 10.5.0.142)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 31 (Version: 6.0.310)
King Arthur's Gold (Version: 0.95.428.0)
Logitech Vid HD (Version: 7.2 (7259))
Logitech Webcam Software (Version: 12.10.1113)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaBar (Version: 3.0.0.112129)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile FRA Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Lync 2010 (Version: 4.0.7577.4388)
Microsoft Office 365 Home Premium Preview - en-us (Version: 15.0.4128.1025)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SkyDrive (Version: 17.0.2006.0314)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mises à jour NVIDIA 1.11.3 (Version: 1.11.3)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (Version: 4.0.30319)
Mozilla Firefox 20.0.1 (x86 fr) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NavyFIELD French (Version: 1.00.0000)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Logiciel système PhysX 9.11.0621 (Version: 9.11.0621)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA Pilote 3D Vision 311.06 (Version: 311.06)
NVIDIA Pilote du contrôleur 3D Vision 285.38 (Version: 285.38)
NVIDIA Pilote graphique 311.06 (Version: 311.06)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Update Components (Version: 1.11.3)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4128.1025)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4128.1022)
OpenOffice.org 3.4 (Version: 3.4.9590)
Origin (Version: 8.3.0.3527)
Pando Media Booster (Version: 2.6.0.8)
Panneau de configuration NVIDIA 311.06 (Version: 311.06)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
PokerStars.fr
PunkBuster Services (Version: 0.991)
QuickTime (Version: 7.73.80.64)
RegUtility version 4.1 (Version: 4.1)
Roulettechat Adultes (Version: 3.5.20.3)
Scansoft PDF Professional
searchweb (Version: 1.0.1)
Settlers3Demo
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.3 (Version: 6.3.105)
Star Wars: The Old Republic (Version: 1.00)
StarCraft II (Version: 1.4.3.21029)
Steam (Version: 1.0.0.0)
System Requirements Lab
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WebPlayer (Version: 1.0.0)
Webplayer (Version: 2.5.0)
Windows Live (Version: 15.4.3502.0922)
Windows Live (Version: 15.4.3555.0308)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
World of Tanks
Yontoo 1.10.02 (Version: 1.10.02)
Z Steel Soldiers (Demo)

==================== Restore Points =========================

17-05-2013 01:00:24 Windows Update
17-05-2013 01:42:19 Windows Update
17-05-2013 15:17:55 DirectX est installé
17-05-2013 15:18:55 DirectX est installé
17-05-2013 15:27:07 DirectX est installé
17-05-2013 15:40:01 DirectX est installé
17-05-2013 16:10:50 Windows Update
17-05-2013 16:28:37 Windows Update
17-05-2013 16:29:15 Windows Update
17-05-2013 17:50:00 DirectX est installé
17-05-2013 21:08:58 DirectX est installé
17-05-2013 22:46:54 DirectX est installé
18-05-2013 01:00:16 Windows Update
18-05-2013 01:25:22 Before New Antivirus

==================== Faulty Device Manager Devices =============

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/18/2013 04:56:51 AM) (Source: Application Error) (User: )
Description: Windows ne peut pas accéder au fichier pour une des raisons suivantes :
un problème s’est produit avec la connexion réseau, le disque sur lequel le fichier est enregistré, ou les
pilotes de stockage installés sur cet ordinateur, ou le disque est manquant.
Windows a fermé le programme Indexeur Microsoft Windows Search en raison de cette erreur.

Programme : Indexeur Microsoft Windows Search
Fichier :

La valeur de l’erreur est affichée dans la section Données supplémentaires.
Action utilisateur
1. Ouvrez à nouveau le fichier.
Cette situation peut résulter d’un problème temporaire qui se corrigera de lui-même à la prochaine exécution du programme.
2.
Si le fichier est toujours inaccessible et
- Il se trouve sur le réseau :
votre administrateur réseau devrait vérifier qu’il n’y a aucun problème avec le réseau et que le serveur peut être contacté.
- Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROM : vérifiez que le disque est inséré correctement dans l’ordinateur.
3. Vérifiez et réparez le système de fichiers en exécutant CHKDSK. Pour exécuter CHKDSK, cliquez sur Démarrer, Exécuter, entrez CMD puis cliquez sur OK. À l’invite de commandes, entrez CHKDSK /F et appuyez sur Entrée.
4. Si le problème persiste, restaurez le fichier à partir d’une copie de sauvegarde.
5. Déterminez si d’autres fichiers du même disque peuvent être ouverts. Si ce n’est pas le cas, le disque est peut-être endommagé. S’il s’agit d’un disque dur, contactez votre administrateur ou le distributeur de votre ordinateur
pour obtenir une assistance supplémentaire.

Données supplémentaires
Valeur de l’erreur : 00000000
Type du disque : 0

Error: (05/18/2013 04:56:51 AM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante SearchIndexer.exe, version : 7.0.7601.17610, horodatage : 0x4dc0d019
Nom du module défaillant : NLSData001b.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdfe1
Code d’exception : 0xc000001d
Décalage d’erreur : 0x00000000001daec4
ID du processus défaillant : 0x1160
Heure de début de l’application défaillante : 0xSearchIndexer.exe0
Chemin d’accès de l’application défaillante : SearchIndexer.exe1
Chemin d’accès du module défaillant: SearchIndexer.exe2
ID de rapport : SearchIndexer.exe3

Error: (05/18/2013 04:56:20 AM) (Source: Application Error) (User: )
Description: Windows ne peut pas accéder au fichier pour une des raisons suivantes :
un problème s’est produit avec la connexion réseau, le disque sur lequel le fichier est enregistré, ou les
pilotes de stockage installés sur cet ordinateur, ou le disque est manquant.
Windows a fermé le programme Indexeur Microsoft Windows Search en raison de cette erreur.

Programme : Indexeur Microsoft Windows Search
Fichier :

La valeur de l’erreur est affichée dans la section Données supplémentaires.
Action utilisateur
1. Ouvrez à nouveau le fichier.
Cette situation peut résulter d’un problème temporaire qui se corrigera de lui-même à la prochaine exécution du programme.
2.
Si le fichier est toujours inaccessible et
- Il se trouve sur le réseau :
votre administrateur réseau devrait vérifier qu’il n’y a aucun problème avec le réseau et que le serveur peut être contacté.
- Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROM : vérifiez que le disque est inséré correctement dans l’ordinateur.
3. Vérifiez et réparez le système de fichiers en exécutant CHKDSK. Pour exécuter CHKDSK, cliquez sur Démarrer, Exécuter, entrez CMD puis cliquez sur OK. À l’invite de commandes, entrez CHKDSK /F et appuyez sur Entrée.
4. Si le problème persiste, restaurez le fichier à partir d’une copie de sauvegarde.
5. Déterminez si d’autres fichiers du même disque peuvent être ouverts. Si ce n’est pas le cas, le disque est peut-être endommagé. S’il s’agit d’un disque dur, contactez votre administrateur ou le distributeur de votre ordinateur
pour obtenir une assistance supplémentaire.

Données supplémentaires
Valeur de l’erreur : 00000000
Type du disque : 0

Error: (05/18/2013 04:56:20 AM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante SearchIndexer.exe, version : 7.0.7601.17610, horodatage : 0x4dc0d019
Nom du module défaillant : NLSData001b.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdfe1
Code d’exception : 0xc000001d
Décalage d’erreur : 0x00000000001daec4
ID du processus défaillant : 0x614
Heure de début de l’application défaillante : 0xSearchIndexer.exe0
Chemin d’accès de l’application défaillante : SearchIndexer.exe1
Chemin d’accès du module défaillant: SearchIndexer.exe2
ID de rapport : SearchIndexer.exe3

Error: (05/18/2013 04:55:48 AM) (Source: Application Error) (User: )
Description: Windows ne peut pas accéder au fichier pour une des raisons suivantes :
un problème s’est produit avec la connexion réseau, le disque sur lequel le fichier est enregistré, ou les
pilotes de stockage installés sur cet ordinateur, ou le disque est manquant.
Windows a fermé le programme Indexeur Microsoft Windows Search en raison de cette erreur.

Programme : Indexeur Microsoft Windows Search
Fichier :

La valeur de l’erreur est affichée dans la section Données supplémentaires.
Action utilisateur
1. Ouvrez à nouveau le fichier.
Cette situation peut résulter d’un problème temporaire qui se corrigera de lui-même à la prochaine exécution du programme.
2.
Si le fichier est toujours inaccessible et
- Il se trouve sur le réseau :
votre administrateur réseau devrait vérifier qu’il n’y a aucun problème avec le réseau et que le serveur peut être contacté.
- Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROM : vérifiez que le disque est inséré correctement dans l’ordinateur.
3. Vérifiez et réparez le système de fichiers en exécutant CHKDSK. Pour exécuter CHKDSK, cliquez sur Démarrer, Exécuter, entrez CMD puis cliquez sur OK. À l’invite de commandes, entrez CHKDSK /F et appuyez sur Entrée.
4. Si le problème persiste, restaurez le fichier à partir d’une copie de sauvegarde.
5. Déterminez si d’autres fichiers du même disque peuvent être ouverts. Si ce n’est pas le cas, le disque est peut-être endommagé. S’il s’agit d’un disque dur, contactez votre administrateur ou le distributeur de votre ordinateur
pour obtenir une assistance supplémentaire.

Données supplémentaires
Valeur de l’erreur : 00000000
Type du disque : 0

Error: (05/18/2013 04:55:48 AM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante SearchIndexer.exe, version : 7.0.7601.17610, horodatage : 0x4dc0d019
Nom du module défaillant : NLSData001b.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdfe1
Code d’exception : 0xc000001d
Décalage d’erreur : 0x00000000001daec4
ID du processus défaillant : 0xa84
Heure de début de l’application défaillante : 0xSearchIndexer.exe0
Chemin d’accès de l’application défaillante : SearchIndexer.exe1
Chemin d’accès du module défaillant: SearchIndexer.exe2
ID de rapport : SearchIndexer.exe3

Error: (05/18/2013 04:53:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2013 04:45:54 AM) (Source: Application Error) (User: )
Description: Windows ne peut pas accéder au fichier pour une des raisons suivantes :
un problème s’est produit avec la connexion réseau, le disque sur lequel le fichier est enregistré, ou les
pilotes de stockage installés sur cet ordinateur, ou le disque est manquant.
Windows a fermé le programme Indexeur Microsoft Windows Search en raison de cette erreur.

Programme : Indexeur Microsoft Windows Search
Fichier :

La valeur de l’erreur est affichée dans la section Données supplémentaires.
Action utilisateur
1. Ouvrez à nouveau le fichier.
Cette situation peut résulter d’un problème temporaire qui se corrigera de lui-même à la prochaine exécution du programme.
2.
Si le fichier est toujours inaccessible et
- Il se trouve sur le réseau :
votre administrateur réseau devrait vérifier qu’il n’y a aucun problème avec le réseau et que le serveur peut être contacté.
- Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROM : vérifiez que le disque est inséré correctement dans l’ordinateur.
3. Vérifiez et réparez le système de fichiers en exécutant CHKDSK. Pour exécuter CHKDSK, cliquez sur Démarrer, Exécuter, entrez CMD puis cliquez sur OK. À l’invite de commandes, entrez CHKDSK /F et appuyez sur Entrée.
4. Si le problème persiste, restaurez le fichier à partir d’une copie de sauvegarde.
5. Déterminez si d’autres fichiers du même disque peuvent être ouverts. Si ce n’est pas le cas, le disque est peut-être endommagé. S’il s’agit d’un disque dur, contactez votre administrateur ou le distributeur de votre ordinateur
pour obtenir une assistance supplémentaire.

Données supplémentaires
Valeur de l’erreur : 00000000
Type du disque : 0

Error: (05/18/2013 04:45:54 AM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante SearchIndexer.exe, version : 7.0.7601.17610, horodatage : 0x4dc0d019
Nom du module défaillant : NLSData001b.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdfe1
Code d’exception : 0xc000001d
Décalage d’erreur : 0x00000000001daec4
ID du processus défaillant : 0xcd0
Heure de début de l’application défaillante : 0xSearchIndexer.exe0
Chemin d’accès de l’application défaillante : SearchIndexer.exe1
Chemin d’accès du module défaillant: SearchIndexer.exe2
ID de rapport : SearchIndexer.exe3

Error: (05/18/2013 04:45:23 AM) (Source: Application Error) (User: )
Description: Windows ne peut pas accéder au fichier pour une des raisons suivantes :
un problème s’est produit avec la connexion réseau, le disque sur lequel le fichier est enregistré, ou les
pilotes de stockage installés sur cet ordinateur, ou le disque est manquant.
Windows a fermé le programme Indexeur Microsoft Windows Search en raison de cette erreur.

Programme : Indexeur Microsoft Windows Search
Fichier :

La valeur de l’erreur est affichée dans la section Données supplémentaires.
Action utilisateur
1. Ouvrez à nouveau le fichier.
Cette situation peut résulter d’un problème temporaire qui se corrigera de lui-même à la prochaine exécution du programme.
2.
Si le fichier est toujours inaccessible et
- Il se trouve sur le réseau :
votre administrateur réseau devrait vérifier qu’il n’y a aucun problème avec le réseau et que le serveur peut être contacté.
- Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROM : vérifiez que le disque est inséré correctement dans l’ordinateur.
3. Vérifiez et réparez le système de fichiers en exécutant CHKDSK. Pour exécuter CHKDSK, cliquez sur Démarrer, Exécuter, entrez CMD puis cliquez sur OK. À l’invite de commandes, entrez CHKDSK /F et appuyez sur Entrée.
4. Si le problème persiste, restaurez le fichier à partir d’une copie de sauvegarde.
5. Déterminez si d’autres fichiers du même disque peuvent être ouverts. Si ce n’est pas le cas, le disque est peut-être endommagé. S’il s’agit d’un disque dur, contactez votre administrateur ou le distributeur de votre ordinateur
pour obtenir une assistance supplémentaire.

Données supplémentaires
Valeur de l’erreur : 00000000
Type du disque : 0


System errors:
=============
Error: (05/18/2013 04:56:51 AM) (Source: Service Control Manager) (User: )
Description: Le service Windows Search s’est terminé de façon inattendue pour la 3ème fois.

Error: (05/18/2013 04:56:20 AM) (Source: Service Control Manager) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 2 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (05/18/2013 04:55:49 AM) (Source: Service Control Manager) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (05/18/2013 04:45:55 AM) (Source: Service Control Manager) (User: )
Description: Le service Windows Search s’est terminé de façon inattendue pour la 3ème fois.

Error: (05/18/2013 04:45:23 AM) (Source: Service Control Manager) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 2 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (05/18/2013 04:44:49 AM) (Source: Service Control Manager) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (05/18/2013 04:39:13 AM) (Source: Service Control Manager) (User: )
Description: Le service PEVSystemStart est marqué comme étant interactif. Cependant, le système est configuré pour ne pas autoriser les services interactifs. Ce service peut ne pas fonctionner correctement.

Error: (05/18/2013 04:36:37 AM) (Source: Application Popup) (User: )
Description: Le chargement de \??\C:\ComboFix\catchme.sys a été bloqué en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel pour obtenir une version compatible du pilote.

Error: (05/18/2013 04:36:37 AM) (Source: Application Popup) (User: )
Description: Le chargement de \??\C:\ComboFix\catchme.sys a été bloqué en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel pour obtenir une version compatible du pilote.

Error: (05/18/2013 04:33:55 AM) (Source: Service Control Manager) (User: )
Description: Le service PEVSystemStart est marqué comme étant interactif. Cependant, le système est configuré pour ne pas autoriser les services interactifs. Ce service peut ne pas fonctionner correctement.


Microsoft Office Sessions:
=========================
Error: (05/18/2013 04:56:51 AM) (Source: Application Error)(User: )
Description: Indexeur Microsoft Windows Search000000000

Error: (05/18/2013 04:56:51 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019NLSData001b.dll6.1.7600.163854a5bdfe1c000001d00000000001daec4116001ce5373581000e0C:\Windows\system32\SearchIndexer.exeC:\Windows\System32\NLSData001b.dll9637a220-bf66-11e2-af50-0019dbb1bf42

Error: (05/18/2013 04:56:20 AM) (Source: Application Error)(User: )
Description: Indexeur Microsoft Windows Search000000000

Error: (05/18/2013 04:56:20 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019NLSData001b.dll6.1.7600.163854a5bdfe1c000001d00000000001daec461401ce537345644e94C:\Windows\system32\SearchIndexer.exeC:\Windows\System32\NLSData001b.dll83c9ecf8-bf66-11e2-af50-0019dbb1bf42

Error: (05/18/2013 04:55:48 AM) (Source: Application Error)(User: )
Description: Indexeur Microsoft Windows Search000000000

Error: (05/18/2013 04:55:48 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019NLSData001b.dll6.1.7600.163854a5bdfe1c000001d00000000001daec4a8401ce5372bd08b29eC:\Windows\system32\SearchIndexer.exeC:\Windows\System32\NLSData001b.dll70ff3c1b-bf66-11e2-af50-0019dbb1bf42

Error: (05/18/2013 04:53:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2013 04:45:54 AM) (Source: Application Error)(User: )
Description: Indexeur Microsoft Windows Search000000000

Error: (05/18/2013 04:45:54 AM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019NLSData001b.dll6.1.7600.163854a5bdfe1c000001d00000000001daec4cd001ce5371d07a14a3C:\Windows\system32\SearchIndexer.exeC:\Windows\System32\NLSData001b.dll0f0cb36a-bf65-11e2-99a3-0019dbb1bf42

Error: (05/18/2013 04:45:23 AM) (Source: Application Error)(User: )
Description: Indexeur Microsoft Windows Search000000000


CodeIntegrity Errors:
===================================
Date: 2013-05-18 04:36:37.200
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2013-05-18 04:36:37.137
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2013-05-18 04:36:37.059
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2013-05-18 04:36:36.981
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2013-05-18 03:38:06.977
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2013-05-18 03:38:06.899
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 4095.27 MB
Available physical RAM: 2232.33 MB
Total Pagefile: 8188.71 MB
Available Pagefile: 6291.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.67 GB) (Free:342.73 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CA12241F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Right now I try to install something and it says that c:\Windows\System32\credui.dll is not created to run on Windows or there is an error

and I try to install another thing and it says the same but with c:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll


I don't understand anything and still can't install anything ://////////////

I see something new, it says " An unhandled exception is occured. The application will be restarted " again again again again . . .
 
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
I forgot.

You can stop that scan....

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Adwcleaner


# AdwCleaner v2.301 - Rapport créé le 18/05/2013 à 11:28:53
# Mis à jour le 16/05/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Andrea - ANDREA-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Andrea\Downloads\adwcleaner(1).exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : vToolbarUpdater14.2.0

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files (x86)\1ClickDownload
Dossier Supprimé : C:\Program Files (x86)\AVG Secure Search
Dossier Supprimé : C:\Program Files (x86)\BabylonToolbar
Dossier Supprimé : C:\Program Files (x86)\BittorrentBar_FR
Dossier Supprimé : C:\Program Files (x86)\Common Files\AVG Secure Search
Dossier Supprimé : C:\Program Files (x86)\Conduit
Dossier Supprimé : C:\Program Files (x86)\Yontoo
Dossier Supprimé : C:\ProgramData\AVG Secure Search
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\Tarma Installer
Dossier Supprimé : C:\Users\Andrea\AppData\Local\AVG Secure Search
Dossier Supprimé : C:\Users\Andrea\AppData\Local\Babylon
Dossier Supprimé : C:\Users\Andrea\AppData\Local\Conduit
Dossier Supprimé : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\AVG Secure Search
Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\BittorrentBar_FR
Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\boost_interprocess
Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\PriceGong
Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\Toolbar4
Dossier Supprimé : C:\Users\Andrea\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\Andrea\AppData\Roaming\Complitly
Dossier Supprimé : C:\Users\Andrea\AppData\Roaming\WebPlayerBdd
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
Fichier Supprimé : C:\user.js
Fichier Supprimé : C:\Users\Andrea\Desktop\cacaoweb.exe
Supprimé au redémarrage : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}

***** [Registre] *****

Clé Supprimée : HKCU\Software\1ClickDownload
Clé Supprimée : HKCU\Software\AppDataLow\Software\BittorrentBar_FR
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKCU\Software\AppDataLow\Toolbar
Clé Supprimée : HKCU\Software\AVG Secure Search
Clé Supprimée : HKCU\Software\BabylonToolbar
Clé Supprimée : HKCU\Software\cacaoweb
Clé Supprimée : HKCU\Software\Complitly
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\IGearSettings
Clé Supprimée : HKLM\Software\AVG Secure Search
Clé Supprimée : HKLM\Software\AVG Security Toolbar
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\Software\BabylonToolbar
Clé Supprimée : HKLM\Software\BittorrentBar_FR
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Clé Supprimée : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Clé Supprimée : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Clé Supprimée : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Clé Supprimée : HKLM\SOFTWARE\Classes\b
Clé Supprimée : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Clé Supprimée : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Clé Supprimée : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Clé Supprimée : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Clé Supprimée : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Clé Supprimée : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Clé Supprimée : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Clé Supprimée : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane
Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Clé Supprimée : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Clé Supprimée : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Clé Supprimée : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2849852
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Clé Supprimée : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Clé Supprimée : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\Iminent
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Clé Supprimée : HKLM\Software\SimplyGen
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_FR Toolbar
Donnée Supprimée : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll
Donnée Supprimée : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
Donnée Supprimée : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll
Donnée Supprimée : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF79F67A-6AD7-4715-A0F8-932FCA442023}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF79F67A-6AD7-4715-A0F8-932FCA442023}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EF79F67A-6AD7-4715-A0F8-932FCA442023}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF79F67A-6AD7-4715-A0F8-932FCA442023}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_Prot --> hxxp://www.google.com
Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://webplayersearch.com/ --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (fr)

Fichier : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\8l77qmym.default-1350828278218\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v26.0.1410.64

Fichier : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimée [l.31] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Supprimée [l.34] : keyword = "isearch.avg.com",
Supprimée [l.38] : search_url = "hxxp://isearch.avg.com/search?cid={4695BCC1-33D9-43D9-B79B-FF6D8A62939F}&mid=f4[...]

*************************

AdwCleaner[S1].txt - [33593 octets] - [18/05/2013 11:28:53]

########## EOF - C:\AdwCleaner[S1].txt - [33654 octets] ##########
 
Can't install Junkware, it says it's not a 64-bit version, and it can't run the function "Windows\system32\cscript.exe".
 
Can install OTL, but when I start the scan it bugs and says incorrect image, Windows\Microsoft.NET\Framework\v2.0.50727.dll can't be executed on Windows or there is an error.
 
Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.




Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.



Go to Step 4 and under "System Restore" click on the Create button.



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.



Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
Running Repair Under System Account
Starting Repairs...
Start (18.05.2013 19:00:11)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (18.05.2013 19:00:11)
Running Repair Under Current User Account
Done (18.05.2013 19:00:16)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (18.05.2013 19:00:16)
Running Repair Under System Account
Done (18.05.2013 19:01:59)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (18.05.2013 19:01:59)
Running Repair Under System Account
Done (18.05.2013 19:02:52)

Register System Files
Start (18.05.2013 19:02:52)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:03:15)

Repair WMI
Start (18.05.2013 19:03:15)
Running Repair Under Current User Account
Commutateur non valide.

Commutateur non valide.

Running Repair Under System Account
Commutateur non valide.

Commutateur non valide.

Done (18.05.2013 19:04:38)

Repair Windows Firewall
Start (18.05.2013 19:04:38)
Running Repair Under Current User Account
Le service Partage de connexion Internet (ICS) n'est pas lancé.

Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

Le service Partage de connexion Internet (ICS) n'a pas pu être lancé.

Le service n'a pas signalé d'erreur.

Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3534.

Running Repair Under System Account
Le service Partage de connexion Internet (ICS) n'est pas lancé.

Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

Le service Partage de connexion Internet (ICS) n'a pas pu être lancé.

Le service n'a pas signalé d'erreur.

Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3534.

Done (18.05.2013 19:05:07)

Repair Internet Explorer
Start (18.05.2013 19:05:07)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:05:31)

Repair MDAC/MS Jet
Start (18.05.2013 19:05:31)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:05:42)

Repair Hosts File
Start (18.05.2013 19:05:42)
Running Repair Under System Account
Done (18.05.2013 19:05:44)

Remove Policies Set By Infections
Start (18.05.2013 19:05:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:05:49)

Repair Icons
Start (18.05.2013 19:05:49)
Running Repair Under System Account
Impossible de trouver C:\Users\Andrea\AppData\Local\IconCache.db.bak
Impossible de trouver C:\Users\Andrea\AppData\Local\IconCache.db
Done (18.05.2013 19:05:51)

Repair Winsock & DNS Cache
Start (18.05.2013 19:05:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:06:10)

Repair Proxy Settings
Start (18.05.2013 19:06:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:06:15)

Repair Windows Updates
Start (18.05.2013 19:06:15)
Running Repair Under Current User Account
Le service Windows Update n'est pas lancé.

Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

Accès refusé.
Running Repair Under System Account
Le service Services de chiffrement n'est pas lancé.

Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

Le service Service de transfert intelligent en arrière-plan n'est pas lancé.

Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

Le service Windows Update n'est pas lancé.

Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

Accès refusé.
Done (18.05.2013 19:06:42)

Repair CD/DVD Missing/Not Working
Start (18.05.2013 19:06:42)
Done (18.05.2013 19:06:42)

Repair Volume Shadow Copy Service
Start (18.05.2013 19:06:42)
Running Repair Under Current User Account
Le service Cliché instantané des volumes n'est pas lancé.

Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

Le service Fournisseur de cliché instantané de logiciel Microsoft n'est pas lancé.

Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

Running Repair Under System Account
Le service Cliché instantané des volumes n'est pas lancé.

Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

Le service Fournisseur de cliché instantané de logiciel Microsoft n'est pas lancé.

Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

Done (18.05.2013 19:06:47)

Repair MSI (Windows Installer)
Start (18.05.2013 19:06:47)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:06:56)

Repair bat Association
Start (18.05.2013 19:06:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:00)

Repair cmd Association
Start (18.05.2013 19:07:00)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:05)

Repair com Association
Start (18.05.2013 19:07:05)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:10)

Repair Directory Association
Start (18.05.2013 19:07:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:14)

Repair Drive Association
Start (18.05.2013 19:07:14)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:19)

Repair exe Association
Start (18.05.2013 19:07:19)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:24)

Repair Folder Association
Start (18.05.2013 19:07:24)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:28)

Repair inf Association
Start (18.05.2013 19:07:28)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:33)

Repair lnk (Shortcuts) Association
Start (18.05.2013 19:07:33)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:38)

Repair msc Association
Start (18.05.2013 19:07:38)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:42)

Repair reg Association
Start (18.05.2013 19:07:42)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:47)

Repair scr Association
Start (18.05.2013 19:07:47)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:51)

Repair Windows Safe Mode
Start (18.05.2013 19:07:52)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:07:56)

Repair Print Spooler
Start (18.05.2013 19:07:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:08:09)

Restore Important Windows Services
Start (18.05.2013 19:08:09)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:08:14)

Set Windows Services To Default Startup
Start (18.05.2013 19:08:14)
Running Repair Under Current User Account
Running Repair Under System Account
Done (18.05.2013 19:08:18)

Cleaning up empty logs...

All Selected Repairs Done.
Done (18.05.2013 19:08:18)
Total Repair Time: 00:08:07


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account
 