TechSpot

Cannot install anything

Solved
By Lainkiller
May 17, 2013
  1. Hello, I'm from Switzerland. For 2 days I haven't been able to install programs; it says there is a problem with "C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll" or with "dpx.dll" or "image error".

    I am not very good with computer things. ^.^

    Thank you!!


    ----

    I used ESET Online Scanner:

    C:\Program Files (x86)\1ClickDownload\uninst.exe Win32/Adware.1ClickDownload application
    C:\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe a variant of Win32/Adware.RegistryEasy application
    C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
    C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Users\Andrea\AppData\Local\Temp\jar_cache5265126559337476897.tmp multiple threats
    C:\Users\Andrea\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
    C:\Users\Andrea\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo application
    C:\Users\Andrea\AppData\Local\Temp\YontooLayers\yl.js JS/Adware.Yontoo.A application
    C:\Users\Andrea\Downloads\AdvancedPCTweaker_Setup(1).exe a variant of Win32/Adware.RegistryEasy application
    C:\Users\Andrea\Downloads\AdvancedPCTweaker_Setup.exe a variant of Win32/Adware.RegistryEasy application
    C:\Users\Andrea\Downloads\setup.exe Win32/Adware.Bundlore application
    ----

    and Malwarebytes, in French, sorry:



    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Version de la base de données: v2013.05.17.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Andrea :: ANDREA-PC [administrateur]

    18.05.2013 00:55:39
    mbam-log-2013-05-18 (00-55-39).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 248082
    Temps écoulé: 8 minute(s), 23 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 3
    C:\Users\Andrea\AppData\Local\Temp\tool.exe (Adware.Dropper) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\Andrea\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\Andrea\Downloads\WebPlayer_V16.exe (Trojan.RepackedSetup.SFX) -> Mis en quarantaine et supprimé avec succès.

    (fin)
     
  2. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Lainkiller

    Lainkiller TS Rookie Topic Starter Posts: 27

    OK, so "attach" then "DDS":

    ------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Édition Familiale Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27.09.2011 10:36:41
    System Uptime: 17.05.2013 18:07:02 (8 hours ago)
    .
    Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7345
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2112/267mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 286.934 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Lexmark X422
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Lexmark
    Name: Lexmark X422
    PNP Device ID: ROOT\IMAGE\0000
    Service: usbscan
    .
    ==== System Restore Points ===================
    .
    RP1444: 17.05.2013 03:00:24 - Windows Update
    RP1446: 17.05.2013 03:42:19 - Windows Update
    RP1447: 17.05.2013 17:17:55 - DirectX est installé
    RP1448: 17.05.2013 17:18:55 - DirectX est installé
    RP1449: 17.05.2013 17:27:07 - DirectX est installé
    RP1450: 17.05.2013 17:40:01 - DirectX est installé
    RP1452: 17.05.2013 18:10:50 - Windows Update
    RP1454: 17.05.2013 18:28:37 - Windows Update
    RP1456: 17.05.2013 18:29:15 - Windows Update
    RP1457: 17.05.2013 19:50:00 - DirectX est installé
    RP1458: 17.05.2013 23:08:58 - DirectX est installé
    RP1459: 18.05.2013 00:46:54 - DirectX est installé
    .
    ==== Installed Programs ======================
    .
    1ClickDownload
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.2) - Français
    Advanced PC Tweaker v4.2
    ALTools Update
    ALZip
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    AVG Security Toolbar
    Babylon toolbar on IE
    Battlefield 3™ Open Beta
    Battlelog Web Plugins
    BearShare
    BitTorrent
    BittorrentBar_FR Toolbar
    Bonjour
    Brother MFL-Pro Suite DCP-7055
    Coffret de pilotes Logitech Webcam Software
    Complitly
    Configuration DivX
    D3DX10
    Easy Password Storage
    ESET Online Scanner v3
    ESN Sonar
    FileServe Manager 1.0.0.3466
    Getax Uninstaller
    GOM Player
    GOMTV Streamer
    Google Chrome
    Google Update Helper
    Google Earth
    HotForex MetaTrader
    Intel(R) Control Center
    Intel(R) Rapid Storage Technology
    iTunes
    Java 7 Update 21
    Java Auto Updater
    Java(TM) 6 Update 31
    King Arthur's Gold
    Logitech Vid HD
    Logitech Webcam Software
    Malwarebytes Anti-Malware version 1.75.0.1300
    MediaBar
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile FRA Language Pack
    Microsoft Application Error Reporting
    Microsoft Lync 2010
    Microsoft Office 365 Home Premium Preview - en-us
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mises à jour NVIDIA 1.11.3
    Module linguistique Microsoft .NET Framework 4 Client Profile FRA
    Mozilla Firefox 20.0.1 (x86 fr)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2758694)
    NavyFIELD French
    Nuance PaperPort 12
    Nuance PDF Viewer Plus
    NVIDIA 3D Vision Controller Driver
    NVIDIA Install Application
    NVIDIA Logiciel système PhysX 9.11.0621
    NVIDIA PhysX
    NVIDIA Pilote 3D Vision 311.06
    NVIDIA Pilote du contrôleur 3D Vision 285.38
    NVIDIA Pilote graphique 311.06
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update Components
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    OpenOffice.org 3.4
    Origin
    Pando Media Booster
    Panneau de configuration NVIDIA 311.06
    PaperPort Image Printer 64-bit
    PokerStars.fr
    PunkBuster Services
    QuickTime
    RegUtility version 4.1
    Roulettechat Adultes
    Scansoft PDF Professional
    searchweb
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
    Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
    Settlers3Demo
    Skype Click to Call
    Skype™ 6.3
    Star Wars: The Old Republic
    StarCraft II
    Steam
    System Requirements Lab
    TeamSpeak 3 Client
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VC80CRTRedist - 8.0.50727.6195
    Webplayer
    Windows Live
    Windows Live Communications Platform
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.01 (32-bit)
    World of Tanks
    Yontoo 1.10.02
    Z Steel Soldiers (Demo)
    .
    ==== End Of File ===========================





    -----------------------

    Now DDS:

    -------------





    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.21.2
    Run by Andrea at 2:04:44 on 2013-05-18
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.41.1036.18.4095.1313 [GMT 2:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
    C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\FileServe Manager\FSStarter.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Browny02\BrYNSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
    uURLSearchHooks: ToolbarURLSearchHook Class: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\searchweb\tbunscADA.tmp\tbhelper.dll
    uURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll
    mURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: FileServeManager: {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll
    BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Andrea\AppData\Roaming\Complitly\Complitly.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
    BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
    BHO: TBSB02609 Class: {C0924543-15FD-4F3D-889C-0B4562A9CB45} - C:\Program Files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
    BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
    BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: BittorrentBar_FR Toolbar: {EF79F67A-6AD7-4715-A0F8-932FCA442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
    TB: searchweb: {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - C:\Program Files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
    TB: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll
    TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    uRun: [Google Update] "C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
    uRun: [cacaoweb] "C:\Users\Andrea\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    uRun: [SkyDrive] "C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [FileServe Manager Task] "C:\Program Files (x86)\FileServe Manager\FSStarter.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
    mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Andrea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROULET~1.LNK - C:\Program Files (x86)\roulettechat\roulettechat.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
    IE: {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - C:\Program Files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{DEA25106-2353-4F72-AC32-467EB07EC95F} : DHCPNameServer = 192.168.1.1
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    AppInit_DLLs= C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Andrea\AppData\Roaming\Complitly\64\Complitly64.dll
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
    x64-BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\8l77qmym.default-1350828278218\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-9-27 969200]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-9-27 359464]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 39768]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-9-27 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-9-27 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-8 44808]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-27 13592]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
    R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-11-4 1494144]
    R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
    R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]
    R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-1-24 245760]
    R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
    R3 LVUVC64;Logitech QuickCam Fusion(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-9-11 178808]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
    S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-27 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-05-17 22:54:38 -------- d-----w- C:\Users\Andrea\AppData\Roaming\Malwarebytes
    2013-05-17 22:54:25 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-05-17 22:54:24 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-05-17 22:54:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-17 22:44:18 235 ----a-w- C:\Windows\SysWow64\nxEuUninstall.bat
    2013-05-17 22:44:17 446464 ----a-w- C:\Windows\NEXON_EU_DownloaderUpdater.exe
    2013-05-17 20:32:00 -------- d-----w- C:\Program Files (x86)\ESET
    2013-05-17 19:55:59 -------- d-----w- C:\Program Files (x86)\Advanced PC Tweaker
    2013-05-17 19:55:52 -------- d-----w- C:\Users\Andrea\AppData\Local\Programs
    2013-05-17 19:49:56 -------- d-----w- C:\Program Files (x86)\RegUtility
    2013-05-17 18:41:18 -------- d-----w- C:\ProgramData\NexonEU
    2013-05-17 17:54:34 -------- d-----w- C:\Download
    2013-05-17 17:53:56 -------- d-----w- C:\Nexon
    2013-05-17 16:11:02 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49C36CFE-44A7-40E6-9662-DBF20C3CDD8E}\offreg.dll
    2013-05-17 15:56:17 26624 ----a-w- C:\Windows\System32\drivers\sermouse.sys
    2013-05-17 15:41:45 -------- d-----w- C:\d717a38f72b1053be2bdd56dd09590a8
    2013-05-17 15:17:35 -------- d--h--w- C:\Windows\msdownld.tmp
    2013-05-17 15:17:35 -------- d-----w- C:\Windows\SysWow64\directx
    2013-05-17 15:17:32 -------- d-----w- C:\Games
    2013-05-17 12:26:05 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49C36CFE-44A7-40E6-9662-DBF20C3CDD8E}\mpengine.dll
    2013-05-17 01:01:30 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-17 01:01:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-05-16 10:05:08 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-05-16 10:05:06 70144 ----a-w- C:\Windows\System32\appinfo.dll
    2013-05-16 10:05:06 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-05-16 10:05:06 111448 ----a-w- C:\Windows\System32\consent.exe
    2013-05-16 10:04:36 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-05-16 10:04:36 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-05-16 10:04:36 144384 ----a-w- C:\Windows\System32\cdd.dll
    2013-05-16 10:04:08 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-05-16 10:02:42 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2013-05-16 10:02:42 230400 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-05-03 17:20:00 -------- d-----w- C:\Program Files\eFusion
    2013-05-03 17:03:40 -------- d-----w- C:\Program Files\SD EnterNET
    2013-05-03 16:52:23 -------- d-----w- C:\Users\Andrea\AppData\Local\PMB Files
    2013-05-03 16:52:15 -------- d-----w- C:\ProgramData\PMB Files
    2013-05-03 16:52:01 -------- d-----w- C:\Program Files (x86)\Pando Networks
    2013-04-25 10:10:02 -------- d-----w- C:\Users\Andrea\AppData\Local\{63E5FCE7-3AD3-4D03-A340-24B9BC472DD1}
    2013-04-24 15:27:24 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-24 15:21:33 -------- d-----w- C:\Users\Andrea\AppData\Local\{EE000DA9-C800-43FB-B893-E3D29F30AA92}
    2013-04-23 15:12:09 -------- d-----w- C:\Users\Andrea\AppData\Local\{A551CBEC-149E-4788-BB28-BDAAEFA91430}
    2013-04-22 14:47:40 -------- d-----w- C:\Users\Andrea\AppData\Local\{4694E429-8670-49B0-A4D5-1A33431A5F2D}
    2013-04-21 12:00:07 -------- d-----w- C:\Users\Andrea\AppData\Local\{5987831D-55F9-4462-A0F4-0C770A793CA1}
    2013-04-20 23:59:44 -------- d-----w- C:\Users\Andrea\AppData\Local\{E9C5B031-1676-4420-AB58-A76798ED015D}
    2013-04-20 11:59:20 -------- d-----w- C:\Users\Andrea\AppData\Local\{8C1E3D26-02E9-48EB-870F-86ABD2436B65}
    2013-04-19 10:52:17 -------- d-----w- C:\Users\Andrea\AppData\Local\{E2AD8C67-434A-447D-A705-4C3522A85E7F}
    2013-04-18 15:05:45 -------- d-----w- C:\Users\Andrea\AppData\Local\{5F327524-9D04-4120-81AC-4458411B9587}
    2013-04-18 09:47:31 -------- d-----w- C:\Users\Andrea\AppData\Local\{D6FC719A-58BB-4329-9AD5-A1BD243FDDD3}
    .
    ==================== Find3M ====================
    .
    2013-05-17 16:16:02 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-05-17 16:16:00 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-05-17 16:16:00 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-05-17 15:56:14 67072 ----a-w- C:\Windows\SysWow64\CertEnrollCtrl.exe
    2013-05-17 15:56:07 44032 ----a-w- C:\Windows\SysWow64\FwRemoteSvr.dll
    2013-05-14 23:09:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-14 23:09:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-02-18 20:13:44 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    .
    ============= FINISH: 2:05:31.45 ===============
     
  4. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  5. Lainkiller

    Lainkiller TS Rookie Topic Starter Posts: 27

    I can't install Malwarebytes Anti-Rootkit, it says I need " QtGui4.dll " on my computer.


    RogueKiller Report :

    ----------



    RogueKiller V8.5.4 _x64_ [Mar 18 2013] par Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
    Site Web : http://www.sur-la-toile.com/RogueKiller/
    Blog : http://tigzyrk.blogspot.com/

    Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Demarrage : Mode normal
    Utilisateur : Andrea [Droits d'admin]
    Mode : Suppression -- Date : 18/05/2013 02:34:03
    | ARK || FAK || MBR |

    ¤¤¤ Processus malicieux : 0 ¤¤¤

    ¤¤¤ Entrees de registre : 4 ¤¤¤
    [RUN][BLPATH] HKCU\[...]\Run : cacaoweb ("C:\Users\Andrea\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer) [-] -> SUPPRIMÉ
    [RUN][BLPATH] HKUS\S-1-5-21-1356140123-1956174812-4015511781-1001[...]\Run : cacaoweb ("C:\Users\Andrea\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer) [-] -> SUPPRIMÉ
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

    ¤¤¤ Driver : [NON CHARGE] ¤¤¤

    ¤¤¤ Infection : Rogue.ProgFiles ¤¤¤

    ¤¤¤ Fichier HOSTS: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Verif: ¤¤¤

    +++++ PhysicalDrive0: Volume0 +++++
    --- User ---
    [MBR] 87b253a3458e6c7b957500a0b3ed9e60
    [BSP] 04e8ed28453b4996c9fcfd5278dd1cf4 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476843 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Termine : << RKreport[2]_D_18052013_023403.txt >>
    RKreport[1]_S_18052013_023210.txt ; RKreport[2]_D_18052013_023403.txt






    --------------------------

    Malwarebytes Anti-Rootkit Report :

    -----------------
     
  6. Broni


    Restart computer, disable your AV program and try again.
     
  7. Lainkiller


    AV program = Avast ?

    I restarted and disabled Avast but it still says QtGui4.dll
     
  8. Broni


    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  9. Lainkiller


    Combofix :

    --------------------


    ComboFix 13-05-16.02 - Andrea 18.05.2013 3:30.1.4 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.41.1036.18.4095.2479 [GMT 2:00]
    Lancé depuis: c:\users\Andrea\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\Complitly
    c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
    c:\program files (x86)\Complitly\FireFoxExtension.exe
    c:\program files (x86)\Complitly\InstTracker.exe
    c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
    c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
    c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
    c:\program files (x86)\Complitly\unins000.dat
    c:\program files (x86)\Complitly\unins000.exe
    c:\program files (x86)\searchweb\tbunscADA.tmp\tbHElper.dll
    c:\users\Andrea\AppData\Roaming\cacaoweb
    c:\users\Andrea\AppData\Roaming\cacaoweb\cacaoweb.exe
    c:\users\Andrea\AppData\Roaming\cacaoweb\errorlog.txt
    c:\users\Andrea\AppData\Roaming\cacaoweb\npdfile.dat
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicating102017C4736805ADFF6A6DD9E00BE315.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicating1CBA09C88CEC85767BCBF38F1B8B4F14.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicating1D11FBB853C7867FF281811C65BB12FA.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicating1D42AC2C321FFBFEF5E2F0607521D53C.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicating2FB4A145F6471999EFB78ED544FB38AC.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicating489870EF3FE94727D06F4C5A91BCCD10.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicating4EC0421820AC3ECCEE42404E756CA56F.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicating7F5D81A1EFF676FCA380D4CA93B3B536.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicating83AC4A176B3B79955740930D56CE3CF1.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicating8CA96CF716F6D4BE5814175F890EFB43.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicatingE0F769941F6862AFC70F539CBB5D9C06.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicatingF052C0B04887B2405504AA2C4463BE9A.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicatingF3014E60E3BF97186CC837126054735D.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\replicatingFC30B5732AB8CC6CC2F89A11E376AC54.cacao
    c:\users\Andrea\AppData\Roaming\cacaoweb\storage.db
    c:\users\Andrea\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
    c:\users\Andrea\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
    .
    Une copie infectée de c:\windows\System32\AtBroker.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b\AtBroker.exe
    .
    Une copie infectée de c:\windows\System32\autoconv.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-convert_31bf3856ad364e35_6.1.7601.17514_none_fafb502abef1be40\autoconv.exe
    .
    Une copie infectée de c:\windows\System32\bitsadmin.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.1.7601.17514_none_ab379671230b963f\bitsadmin.exe
    .
    Une copie infectée de c:\windows\System32\bootcfg.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-bootconfig_31bf3856ad364e35_6.1.7600.16385_none_680b6eb133f91b1b\bootcfg.exe
    .
    Une copie infectée de c:\windows\System32\chkntfs.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7600.16385_none_74b76d3fa1757c6f\chkntfs.exe
    .
    Une copie infectée de c:\windows\System32\clip.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-clip_31bf3856ad364e35_6.1.7600.16385_none_03d0d3c435b27637\clip.exe
    .
    Une copie infectée de c:\windows\System32\ddodiag.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351\ddodiag.exe
    .
    Une copie infectée de c:\windows\System32\DeviceProperties.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_463f54aa539a0b62\DeviceProperties.exe
    .
    Une copie infectée de c:\windows\System32\diantz.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-diantz_31bf3856ad364e35_6.1.7600.16385_none_02bb0612dc529329\diantz.exe
    .
    Une copie infectée de c:\windows\System32\diskpart.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-diskpart_31bf3856ad364e35_6.1.7601.17514_none_c6fe6ac9ac8c7105\diskpart.exe
    .
    Une copie infectée de c:\windows\System32\DpiScaling.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-dpiscaling_31bf3856ad364e35_6.1.7600.16385_none_d63cc4dd74a11d0b\DpiScaling.exe
    .
    Une copie infectée de c:\windows\System32\dxdiag.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_81e99da174638311\dxdiag.exe
    .
    Une copie infectée de c:\windows\System32\eudcedit.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_b7be8a14d61db17a\eudcedit.exe
    .
    Une copie infectée de c:\windows\System32\extrac32.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-extrac32_31bf3856ad364e35_6.1.7600.16385_none_371e8c461d966a55\extrac32.exe
    .
    Une copie infectée de c:\windows\System32\fontview.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-fontview_31bf3856ad364e35_6.1.7600.16385_none_a058fee6d0280cab\fontview.exe
    .
    Une copie infectée de c:\windows\System32\LocationNotifications.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-m..cationnotifications_31bf3856ad364e35_6.1.7600.16385_none_737951ab23cf8ea0\LocationNotifications.exe
    .
    Une copie infectée de c:\windows\System32\Magnify.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-magnify_31bf3856ad364e35_6.1.7600.16385_none_ca22c913b260e66a\Magnify.exe
    .
    Une copie infectée de c:\windows\System32\MigAutoPlay.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\MigAutoPlay.exe
    .
    Une copie infectée de c:\windows\System32\mmc.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.1.7600.16385_none_6b683cb78f534561\mmc.exe
    .
    Une copie infectée de c:\windows\System32\migwiz\mighost.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_b6cddd21f1df8715\mighost.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2013-04-18 au 2013-05-18 ))))))))))))))))))))))))))))))))))))
    .
    .
    2013-05-18 01:40 . 2013-05-18 01:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-05-18 01:40 . 2013-05-18 01:40 -------- d-----w- c:\users\hedev\AppData\Local\temp
    2013-05-18 00:44 . 2013-05-18 00:44 8576000 ----a-w- c:\windows\SysWow64\qtgui4.dll
    2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\users\Andrea\AppData\Roaming\dll-files.com
    2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\programdata\Logs
    2013-05-18 00:44 . 2013-04-11 14:12 19392 ----a-w- c:\windows\system32\roboot64.exe
    2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\program files (x86)\Dll-Files.com Fixer
    2013-05-17 22:54 . 2013-05-17 22:54 -------- d-----w- c:\users\Andrea\AppData\Roaming\Malwarebytes
    2013-05-17 22:54 . 2013-05-17 22:54 -------- d-----w- c:\programdata\Malwarebytes
    2013-05-17 22:54 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-17 22:54 . 2013-05-17 22:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-05-17 15:17 . 2013-05-17 15:17 -------- d-----w- C:\Games
    2013-05-17 12:26 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49C36CFE-44A7-40E6-9662-DBF20C3CDD8E}\mpengine.dll
    2013-05-17 01:01 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
    2013-05-17 01:01 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-05-17 01:01 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-05-16 10:05 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
    2013-05-16 10:05 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
    2013-05-16 10:05 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
    2013-05-16 10:05 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
    2013-05-16 10:05 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
    2013-05-16 10:05 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
    2013-05-16 10:04 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-05-16 10:04 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-05-16 10:04 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
    2013-05-16 10:04 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
    2013-05-16 10:02 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
    2013-05-16 10:02 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
    2013-05-03 17:20 . 2013-05-03 17:20 -------- d-----w- c:\program files\eFusion
    2013-05-03 17:03 . 2013-05-03 17:03 -------- d-----w- c:\program files\SD EnterNET
    2013-05-03 16:52 . 2013-05-18 01:41 -------- d-----w- c:\users\Andrea\AppData\Local\PMB Files
    2013-05-03 16:52 . 2013-05-03 16:52 -------- d-----w- c:\programdata\PMB Files
    2013-05-03 16:52 . 2013-05-03 16:52 -------- d-----w- c:\program files (x86)\Pando Networks
    2013-04-25 15:24 . 2013-04-25 15:24 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2013-04-24 15:27 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-17 16:16 . 2013-02-10 01:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-05-17 16:16 . 2013-02-10 01:16 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-05-17 16:16 . 2011-09-27 16:44 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-05-17 15:56 . 2009-07-13 23:33 67072 ----a-w- c:\windows\SysWow64\CertEnrollCtrl.exe
    2013-05-17 15:56 . 2009-07-13 23:52 44032 ----a-w- c:\windows\SysWow64\FwRemoteSvr.dll
    2013-05-14 23:09 . 2012-03-30 15:14 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-14 23:09 . 2011-09-27 16:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-14 13:32 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-03 14:15 . 2011-09-27 08:44 75016696 ----a-w- c:\windows\system32\MRT.exe
    2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-13 05:49 . 2013-05-16 10:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-16 10:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-16 10:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-16 10:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-16 10:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-16 10:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-03-19 06:04 . 2013-04-10 21:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 05:46 . 2013-04-10 21:04 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 05:04 . 2013-04-10 21:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04 . 2013-04-10 21:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47 . 2013-04-10 21:04 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-03-19 03:06 . 2013-04-10 21:04 112640 ----a-w- c:\windows\system32\smss.exe
    2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-02-25 22:32 . 2013-02-25 22:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-02-25 22:32 . 2013-02-25 22:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2013-02-25 22:32 . 2013-02-25 22:32 2826040 ----a-w- c:\windows\system32\nvapi64.dll
    2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
    2013-02-25 22:32 . 2011-09-27 11:33 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
    2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
    2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2013-02-25 22:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2013-02-25 22:32 . 2013-02-25 22:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
    2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
    2013-02-18 20:13 . 2012-09-03 16:14 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-07-14 01:15 . C028E7E88424517078C6D51F4B382996 . 12288 . . [------] .. c:\windows\SysWOW64\cngaudit.dll
    [-] 2009-07-14 01:15 . C028E7E88424517078C6D51F4B382996 . 12288 . . [------] .. c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    .
    [-] 2010-11-21 03:24 . F84EBB1A4CAC35C33B352CAAB4B6BF92 . 954288 . . [------] .. c:\windows\SysWOW64\mfc40u.dll
    [-] 2010-11-21 03:24 . F84EBB1A4CAC35C33B352CAAB4B6BF92 . 954288 . . [------] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ef79f67a-6ad7-4715-a0f8-932fca442023}"= "c:\program files (x86)\BittorrentBar_FR\prxtbBitt.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}]
    2011-09-21 18:04 1257752 ----a-w- c:\program files (x86)\FileServe Manager\FileServeBHO.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    2011-08-09 10:36 1235376 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-02-18 20:13 1929392 ----a-w- c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C0924543-15FD-4F3D-889C-0B4562A9CB45}]
    2011-08-23 14:33 2656256 ------w- c:\program files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    2011-05-30 13:48 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BittorrentBar_FR\prxtbBitt.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
    "{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}"= "c:\program files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll" [2011-08-23 2656256]
    "{ef79f67a-6ad7-4715-a0f8-932fca442023}"= "c:\program files (x86)\BittorrentBar_FR\prxtbBitt.dll" [2011-05-09 176936]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]
    .
    [HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{cdb982ed-f9d6-4e3b-b94b-96f705d35ad1}]
    [HKEY_CLASSES_ROOT\TBSB02609.TBSB02609.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB02609.TBSB02609]
    .
    [HKEY_CLASSES_ROOT\clsid\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-11-04 16:47 2042528 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-11-04 16:47 2042528 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-11-04 16:47 2042528 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]
    "EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-10-18 28628104]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
    "SkyDrive"="c:\users\Andrea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-04-26 256600]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-05-03 3093624]
    "KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2013-05-17 438272]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "FileServe Manager Task"="c:\program files (x86)\FileServe Manager\FSStarter.exe" [2011-09-21 954648]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
    "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2013-04-11 12107432]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
    "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
    "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
    "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
    "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
    "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
    .
    c:\users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Roulettechat Adultes.lnk - c:\program files (x86)\roulettechat\roulettechat.exe [2012-10-10 17524176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    .
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-09-11 178808]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-27 1255736]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
    S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-11 1494144]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
    S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]
    S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2007-05-11 1361952]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-11 50208]
    S3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2007-05-11 3612704]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
    .
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 23:09]
    .
    2013-05-18 c:\windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
    - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-05-18 14:12]
    .
    2013-05-18 c:\windows\Tasks\DLL-Files.Com Fixer_Updates.job
    - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-05-18 14:12]
    .
    2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21 19:17]
    .
    2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21 19:17]
    .
    2013-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356140123-1956174812-4015511781-1000Core.job
    - c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 07:40]
    .
    2013-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356140123-1956174812-4015511781-1000UA.job
    - c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 07:40]
    .
    2013-05-18 c:\windows\Tasks\One-Click Tweak.job
    - c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2013-05-17 08:02]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    2011-08-09 10:36 1792944 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-11-04 16:42 2860192 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-11-04 16:42 2860192 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-11-04 16:42 2860192 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download with FileServe Manager - c:\program files (x86)\FileServe Manager\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
    IE: {{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - c:\program files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\8l77qmym.default-1350828278218\
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Toolbar-10 - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{EF79F67A-6AD7-4715-A0F8-932FCA442023} - (no file)
    AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    .
    **************************************************************************
    .
    Heure de fin: 2013-05-18 03:47:57 - La machine a redémarré
    ComboFix-quarantined-files.txt 2013-05-18 01:47
    .
    Avant-CF: 307'296'669'696 octets libres
    Après-CF: 368'784'101'376 octets libres
    .
    - - End Of File - - 4DAED29C21D4E098871999022D0B2009
     
  10. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Please re-run Combofix one more time.
     
  11. Lainkiller

    Lainkiller TS Rookie Topic Starter Posts: 27

    ComboFix 13-05-16.02 - Andrea 18.05.2013 4:30.2.4 - x64
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.41.1036.18.4095.2782 [GMT 2:00]
    Lancé depuis: c:\users\Andrea\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Andrea\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
    c:\users\Andrea\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . impossible à supprimer
    c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . impossible à supprimer
    .
    Une copie infectée de c:\windows\System32\AtBroker.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-atbroker_31bf3856ad364e35_6.1.7600.16385_none_2b95a17838063e9b\AtBroker.exe
    .
    Une copie infectée de c:\windows\System32\autoconv.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-convert_31bf3856ad364e35_6.1.7601.17514_none_fafb502abef1be40\autoconv.exe
    .
    Une copie infectée de c:\windows\System32\bitsadmin.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.1.7601.17514_none_ab379671230b963f\bitsadmin.exe
    .
    Une copie infectée de c:\windows\System32\bootcfg.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-bootconfig_31bf3856ad364e35_6.1.7600.16385_none_680b6eb133f91b1b\bootcfg.exe
    .
    Une copie infectée de c:\windows\System32\chkntfs.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7600.16385_none_74b76d3fa1757c6f\chkntfs.exe
    .
    Une copie infectée de c:\windows\System32\clip.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-clip_31bf3856ad364e35_6.1.7600.16385_none_03d0d3c435b27637\clip.exe
    .
    Une copie infectée de c:\windows\System32\ddodiag.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351\ddodiag.exe
    .
    Une copie infectée de c:\windows\System32\DeviceProperties.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_463f54aa539a0b62\DeviceProperties.exe
    .
    Une copie infectée de c:\windows\System32\diantz.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-diantz_31bf3856ad364e35_6.1.7600.16385_none_02bb0612dc529329\diantz.exe
    .
    Une copie infectée de c:\windows\System32\diskpart.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-diskpart_31bf3856ad364e35_6.1.7601.17514_none_c6fe6ac9ac8c7105\diskpart.exe
    .
    Une copie infectée de c:\windows\System32\DpiScaling.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-dpiscaling_31bf3856ad364e35_6.1.7600.16385_none_d63cc4dd74a11d0b\DpiScaling.exe
    .
    Une copie infectée de c:\windows\System32\dxdiag.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_81e99da174638311\dxdiag.exe
    .
    Une copie infectée de c:\windows\System32\eudcedit.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_b7be8a14d61db17a\eudcedit.exe
    .
    Une copie infectée de c:\windows\System32\extrac32.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-extrac32_31bf3856ad364e35_6.1.7600.16385_none_371e8c461d966a55\extrac32.exe
    .
    Une copie infectée de c:\windows\System32\fontview.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-fontview_31bf3856ad364e35_6.1.7600.16385_none_a058fee6d0280cab\fontview.exe
    .
    Une copie infectée de c:\windows\System32\LocationNotifications.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-m..cationnotifications_31bf3856ad364e35_6.1.7600.16385_none_737951ab23cf8ea0\LocationNotifications.exe
    .
    Une copie infectée de c:\windows\System32\Magnify.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-magnify_31bf3856ad364e35_6.1.7600.16385_none_ca22c913b260e66a\Magnify.exe
    .
    Une copie infectée de c:\windows\System32\MigAutoPlay.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\MigAutoPlay.exe
    .
    Une copie infectée de c:\windows\System32\mmc.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.1.7600.16385_none_6b683cb78f534561\mmc.exe
    .
    Une copie infectée de c:\windows\System32\migwiz\mighost.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\windows\winsxs\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_6.1.7601.17514_none_b6cddd21f1df8715\mighost.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2013-04-18 au 2013-05-18 ))))))))))))))))))))))))))))))))))))
    .
    .
    2013-05-18 02:39 . 2013-05-18 02:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-05-18 02:39 . 2013-05-18 02:39 -------- d-----w- c:\users\hedev\AppData\Local\temp
    2013-05-18 02:39 . 2013-05-18 02:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-05-18 00:44 . 2013-05-18 00:44 8576000 ----a-w- c:\windows\SysWow64\qtgui4.dll
    2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\users\Andrea\AppData\Roaming\dll-files.com
    2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\programdata\Logs
    2013-05-18 00:44 . 2013-04-11 14:12 19392 ----a-w- c:\windows\system32\roboot64.exe
    2013-05-18 00:44 . 2013-05-18 00:44 -------- d-----w- c:\program files (x86)\Dll-Files.com Fixer
    2013-05-17 22:54 . 2013-05-17 22:54 -------- d-----w- c:\users\Andrea\AppData\Roaming\Malwarebytes
    2013-05-17 22:54 . 2013-05-17 22:54 -------- d-----w- c:\programdata\Malwarebytes
    2013-05-17 22:54 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-17 22:54 . 2013-05-17 22:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-05-17 15:17 . 2013-05-17 15:17 -------- d-----w- C:\Games
    2013-05-17 12:26 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49C36CFE-44A7-40E6-9662-DBF20C3CDD8E}\mpengine.dll
    2013-05-17 01:01 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
    2013-05-17 01:01 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-05-17 01:01 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-05-16 10:05 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
    2013-05-16 10:05 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
    2013-05-16 10:05 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
    2013-05-16 10:05 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
    2013-05-16 10:05 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
    2013-05-16 10:05 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
    2013-05-16 10:04 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-05-16 10:04 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-05-16 10:04 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
    2013-05-16 10:04 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
    2013-05-16 10:02 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
    2013-05-16 10:02 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
    2013-05-03 17:20 . 2013-05-03 17:20 -------- d-----w- c:\program files\eFusion
    2013-05-03 17:03 . 2013-05-03 17:03 -------- d-----w- c:\program files\SD EnterNET
    2013-05-03 16:52 . 2013-05-18 01:41 -------- d-----w- c:\users\Andrea\AppData\Local\PMB Files
    2013-05-03 16:52 . 2013-05-03 16:52 -------- d-----w- c:\programdata\PMB Files
    2013-05-03 16:52 . 2013-05-03 16:52 -------- d-----w- c:\program files (x86)\Pando Networks
    2013-04-25 15:24 . 2013-04-25 15:24 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2013-04-24 15:27 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-17 16:16 . 2013-02-10 01:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-05-17 16:16 . 2013-02-10 01:16 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-05-17 16:16 . 2011-09-27 16:44 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-05-17 15:56 . 2009-07-13 23:33 67072 ----a-w- c:\windows\SysWow64\CertEnrollCtrl.exe
    2013-05-17 15:56 . 2009-07-13 23:52 44032 ----a-w- c:\windows\SysWow64\FwRemoteSvr.dll
    2013-05-14 23:09 . 2012-03-30 15:14 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-14 23:09 . 2011-09-27 16:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-14 13:32 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-03 14:15 . 2011-09-27 08:44 75016696 ----a-w- c:\windows\system32\MRT.exe
    2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-13 05:49 . 2013-05-16 10:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-16 10:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-16 10:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-16 10:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-16 10:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-16 10:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-03-19 06:04 . 2013-04-10 21:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 05:46 . 2013-04-10 21:04 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 05:04 . 2013-04-10 21:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04 . 2013-04-10 21:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47 . 2013-04-10 21:04 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-03-19 03:06 . 2013-04-10 21:04 112640 ----a-w- c:\windows\system32\smss.exe
    2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-02-25 22:32 . 2013-02-25 22:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-02-25 22:32 . 2013-02-25 22:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2013-02-25 22:32 . 2013-02-25 22:32 2826040 ----a-w- c:\windows\system32\nvapi64.dll
    2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
    2013-02-25 22:32 . 2011-09-27 11:33 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
    2013-02-25 22:32 . 2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
    2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2013-02-25 22:32 . 2012-10-10 20:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2013-02-25 22:32 . 2013-02-25 22:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
    2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
    2013-02-18 20:13 . 2012-09-03 16:14 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-07-14 01:15 . C028E7E88424517078C6D51F4B382996 . 12288 . . [------] .. c:\windows\SysWOW64\cngaudit.dll
    [-] 2009-07-14 01:15 . C028E7E88424517078C6D51F4B382996 . 12288 . . [------] .. c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    .
    [-] 2010-11-21 03:24 . F84EBB1A4CAC35C33B352CAAB4B6BF92 . 954288 . . [------] .. c:\windows\SysWOW64\mfc40u.dll
    [-] 2010-11-21 03:24 . F84EBB1A4CAC35C33B352CAAB4B6BF92 . 954288 . . [------] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ef79f67a-6ad7-4715-a0f8-932fca442023}"= "c:\program files (x86)\BittorrentBar_FR\prxtbBitt.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}]
    2011-09-21 18:04 1257752 ----a-w- c:\program files (x86)\FileServe Manager\FileServeBHO.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    2011-08-09 10:36 1235376 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-02-18 20:13 1929392 ----a-w- c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C0924543-15FD-4F3D-889C-0B4562A9CB45}]
    2011-08-23 14:33 2656256 ------w- c:\program files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    2011-05-30 13:48 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BittorrentBar_FR\prxtbBitt.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
    "{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}"= "c:\program files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll" [2011-08-23 2656256]
    "{ef79f67a-6ad7-4715-a0f8-932fca442023}"= "c:\program files (x86)\BittorrentBar_FR\prxtbBitt.dll" [2011-05-09 176936]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]
    .
    [HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{cdb982ed-f9d6-4e3b-b94b-96f705d35ad1}]
    [HKEY_CLASSES_ROOT\TBSB02609.TBSB02609.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB02609.TBSB02609]
    .
    [HKEY_CLASSES_ROOT\clsid\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-11-04 16:47 2042528 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-11-04 16:47 2042528 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-11-04 16:47 2042528 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]
    "EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-10-18 28628104]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
    "SkyDrive"="c:\users\Andrea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-04-26 256600]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-05-03 3093624]
    "KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2013-05-17 438272]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "FileServe Manager Task"="c:\program files (x86)\FileServe Manager\FSStarter.exe" [2011-09-21 954648]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
    "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2013-04-11 12107432]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
    "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
    "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
    "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
    "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
    "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
    .
    c:\users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Roulettechat Adultes.lnk - c:\program files (x86)\roulettechat\roulettechat.exe [2012-10-10 17524176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    .
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-09-11 178808]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-27 1255736]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
    S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-11 1494144]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
    S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]
    S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2007-05-11 1361952]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-11 50208]
    S3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2007-05-11 3612704]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 23:09]
    .
    2013-05-18 c:\windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
    - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-05-18 14:12]
    .
    2013-05-18 c:\windows\Tasks\DLL-Files.Com Fixer_Updates.job
    - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-05-18 14:12]
    .
    2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21 19:17]
    .
    2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21 19:17]
    .
    2013-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356140123-1956174812-4015511781-1000Core.job
    - c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 07:40]
    .
    2013-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356140123-1956174812-4015511781-1000UA.job
    - c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 07:40]
    .
    2013-05-18 c:\windows\Tasks\One-Click Tweak.job
    - c:\program files (x86)\Advanced PC Tweaker\OneClick.exe [2013-05-17 08:02]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    2011-08-09 10:36 1792944 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-11-04 16:42 2860192 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-11-04 16:42 2860192 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-11-04 16:42 2860192 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download with FileServe Manager - c:\program files (x86)\FileServe Manager\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
    IE: {{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - c:\program files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\8l77qmym.default-1350828278218\
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Toolbar-10 - (no file)
    WebBrowser-{EF79F67A-6AD7-4715-A0F8-932FCA442023} - (no file)
    AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    .
    **************************************************************************
    .
    Heure de fin: 2013-05-18 04:45:56 - La machine a redémarré
    ComboFix-quarantined-files.txt 2013-05-18 02:45
    ComboFix2.txt 2013-05-18 01:47
    .
    Avant-CF: 368'401'154'048 octets libres
    Après-CF: 368'104'194'048 octets libres
    .
    - - End Of File - - F2BA22043B4B3D68A8F3FB44CB193D27
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    I'm not sure yet what we're dealing with here...

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
     
  13. Lainkiller

    Lainkiller TS Rookie Topic Starter Posts: 27

    Farbar :

    FRST :

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013
    Ran by Andrea (administrator) on 18-05-2013 05:25:24
    Running from C:\Users\Andrea\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard
    Internet Explorer Version 9
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (FileServe Limited) C:\Program Files (x86)\FileServe Manager\FSStarter.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (MusicLab, LLC) C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    () C:\Program Files (x86)\AVG Secure Search\vprot.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Farbar) C:\Users\Andrea\Downloads\FRST64.exe

    ==================== Registry (Whitelisted) ==================

    HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-04] (Valve Corporation)
    HKCU\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [28628104 2011-10-19] (Electronic Arts)
    HKCU\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
    HKCU\...\Run: [SkyDrive] "C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [256600 2013-04-26] (Microsoft Corporation)
    HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-05-03] ()
    HKCU\...\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-05-18] (NEXON Inc.)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [FileServe Manager Task] "C:\Program Files (x86)\FileServe Manager\FSStarter.exe" [954648 2011-09-21] (FileServe Limited)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
    HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE [1598392 2011-08-09] (MusicLab, LLC)
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
    HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()
    HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey [12107432 2013-04-11] (Microsoft Corporation)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
    HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-09] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [29984 2010-03-09] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [328992 2010-02-09] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
    AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll [1792944 2011-08-09] (MusicLab, LLC)
    Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Roulettechat Adultes.lnk
    ShortcutTarget: Roulettechat Adultes.lnk -> C:\Program Files (x86)\roulettechat\roulettechat.exe (Rentabiliweb)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: (No Name) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - No File
    HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
    HKLM-x32 SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
    HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searc...SP_ss&mntrId=88dcd4be0000000000000019dbb1bf42
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={...a9fedee97&lang=fr&ds=gm011&pr=sa&d=2012-04-08 02:41:54&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
    BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Andrea\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
    BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SPFS Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: FileServeManager - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll (FileServe Limited)
    BHO-x32: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Andrea\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
    BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
    BHO-x32: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: TBSB02609 Class - {C0924543-15FD-4F3D-889C-0B4562A9CB45} - C:\Program Files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll ()
    BHO-x32: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
    BHO-x32: Microsoft SPFS Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: BittorrentBar_FR Toolbar - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll (Conduit Ltd.)
    BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKLM-x32 - MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
    Toolbar: HKLM-x32 - searchweb - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - C:\Program Files (x86)\searchweb\tbunscADA.tmp\tbcore3.dll ()
    Toolbar: HKLM-x32 - BittorrentBar_FR Toolbar - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files (x86)\BittorrentBar_FR\prxtbBitt.dll (Conduit Ltd.)
    Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
    Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
    Toolbar: HKCU - No Name - {EF79F67A-6AD7-4715-A0F8-932FCA442023} - No File
    PDF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
    Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)
    Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\8l77qmym.default-1350828278218
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=0.80.0 - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
    FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: No Name - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\8l77qmym.default-1350828278218\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    Chrome:
    =======
    CHR RestoreOnStartup: "urls_to_restore_on_startup": null
    CHR DefaultSearchURL: (AVG Secure Search) - http://isearch.avg.com/search?cid={...a9fedee97&lang=fr&ds=gm011&pr=sa&d=2012-04-08 02:41:54&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    CHR DefaultSuggestURL: (AVG Secure Search) - http://toolbar.avg.com/acp?q={searchTerms}&o=1
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
    CHR Plugin: (FileServe Manager) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpgkjhpjldibdbbppfcabadmpfenkdfe\1.0.0.3466_0\FSChromeAddOn.dll (FileServe Limited)
    CHR Plugin: (Skype Toolbars) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
    CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
    CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Google Update) - C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Extension: (Complitly plugin for chrome) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0
    CHR Extension: (FS Extension) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpgkjhpjldibdbbppfcabadmpfenkdfe\1.0.0.3466_0
    CHR Extension: (avast! WebRep) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
    CHR Extension: (Skype Click to Call) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
    CHR Extension: (AVG Security Toolbar) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0
    CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0

    ==================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
    R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1494144 2012-09-11] (Microsoft Corporation)
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
    R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-09-30] ()
    R2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()


    Continued in the next post.
     
  14. Lainkiller

    Lainkiller TS Rookie Topic Starter Posts: 27

    ==================== Drivers (Whitelisted) ====================

    R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
    R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
    R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
    R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
    R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
    R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] ()
    S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-05-18 05:25 - 2013-05-18 05:25 - 00000000 ____D C:\FRST
    2013-05-18 05:24 - 2013-05-18 05:24 - 01877468 ____A (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
    2013-05-18 04:45 - 2013-05-18 04:45 - 00033694 ____A C:\ComboFix.txt
    2013-05-18 03:28 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-05-18 03:28 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-05-18 03:28 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-05-18 03:28 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-05-18 03:28 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-05-18 03:28 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
    2013-05-18 03:28 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
    2013-05-18 03:28 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
    2013-05-18 03:26 - 2013-05-18 04:45 - 00000000 ____D C:\Qoobox
    2013-05-18 03:26 - 2013-05-18 04:41 - 00000000 ____D C:\Windows\erdnt
    2013-05-18 02:56 - 2013-05-18 03:10 - 00000000 ____D C:\Users\Andrea\Downloads\mbar
    2013-05-18 02:55 - 2013-05-18 02:56 - 12917756 ____A C:\Users\Andrea\Downloads\mbar-1.05.0.1001 (1).zip
    2013-05-18 02:44 - 2013-05-18 02:51 - 00000294 ____A C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
    2013-05-18 02:44 - 2013-05-18 02:51 - 00000278 ____A C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
    2013-05-18 02:44 - 2013-05-18 02:44 - 08576000 ____A (Digia Plc and/or its subsidiary(-ies)) C:\Windows\SysWOW64\qtgui4.dll
    2013-05-18 02:44 - 2013-05-18 02:44 - 00001092 ____A C:\Users\Public\Desktop\Dll-Files Fixer.lnk
    2013-05-18 02:44 - 2013-05-18 02:44 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\dll-files.com
    2013-05-18 02:44 - 2013-05-18 02:44 - 00000000 ____D C:\Program Files (x86)\Dll-Files.com Fixer
    2013-05-18 02:44 - 2013-04-11 16:12 - 00019392 ____A (Dll-Files.com) C:\Windows\System32\roboot64.exe
    2013-05-18 02:43 - 2013-05-18 02:43 - 04241280 ____A (Dll-Files.com ) C:\Users\Andrea\Downloads\dffsetup-qtgui4.exe
    2013-05-18 02:34 - 2013-05-18 02:34 - 00001801 ____A C:\Users\Andrea\Desktop\RKreport[2]_D_18052013_023403.txt
    2013-05-18 02:34 - 2013-05-18 02:34 - 00000000 ____D C:\Users\Andrea\Downloads\mbar-1.05.0.1001
    2013-05-18 02:33 - 2013-05-18 02:34 - 12917756 ____A C:\Users\Andrea\Downloads\mbar-1.05.0.1001.zip
    2013-05-18 02:32 - 2013-05-18 02:32 - 00001917 ____A C:\Users\Andrea\Desktop\RKreport[1]_S_18052013_023210.txt
    2013-05-18 02:30 - 2013-05-18 02:33 - 00000000 ____D C:\Users\Andrea\Desktop\RK_Quarantine
    2013-05-18 02:29 - 2013-05-18 02:30 - 00791040 ____A C:\Users\Andrea\Downloads\RogueKillerX64.exe
    2013-05-18 02:05 - 2013-05-18 02:05 - 00025668 ____A C:\Users\Andrea\Desktop\dds.txt
    2013-05-18 02:05 - 2013-05-18 02:05 - 00006266 ____A C:\Users\Andrea\Desktop\attach.txt
    2013-05-18 02:04 - 2013-05-18 02:04 - 00688992 ____R (Swearware) C:\Users\Andrea\Downloads\dds.com
    2013-05-18 00:54 - 2013-05-18 00:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-05-18 00:54 - 2013-05-18 00:54 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Malwarebytes
    2013-05-18 00:54 - 2013-05-18 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-18 00:54 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-05-18 00:53 - 2013-05-18 00:53 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-1.75.0.1300.exe
    2013-05-18 00:44 - 2013-05-18 00:44 - 00446464 ____A (NEXON Inc.) C:\Windows\NEXON_EU_DownloaderUpdater.exe
    2013-05-18 00:44 - 2013-05-18 00:44 - 00000235 ____A C:\Windows\SysWOW64\nxEuUninstall.bat
    2013-05-17 23:11 - 2013-05-17 23:11 - 00159144 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\WindowsActivationUpdate (1).exe
    2013-05-17 22:32 - 2013-05-17 22:32 - 00000000 ____D C:\Program Files (x86)\ESET
    2013-05-17 22:31 - 2013-05-17 22:31 - 02347384 ____A (ESET) C:\Users\Andrea\Downloads\esetsmartinstaller_enu.exe
    2013-05-17 22:25 - 2013-05-18 03:26 - 05066411 ____R (Swearware) C:\Users\Andrea\Downloads\ComboFix.exe
    2013-05-17 22:23 - 2013-05-17 22:23 - 02723944 ____A (AdvancedPCTweaker.com, Inc. ) C:\Users\Andrea\Downloads\AdvancedPCTweaker_Setup(1).exe
    2013-05-17 22:21 - 2013-05-17 22:21 - 00388608 ____A (Trend Micro Inc.) C:\Users\Andrea\Downloads\HijackThis.exe
    2013-05-17 22:21 - 2013-05-17 22:21 - 00030786 ____A C:\Users\Andrea\Downloads\hijackthis.log
    2013-05-17 21:56 - 2013-05-18 02:51 - 00000526 ____A C:\Windows\Tasks\One-Click Tweak.job
    2013-05-17 21:56 - 2013-05-17 21:56 - 00001133 ____A C:\Users\Andrea\Desktop\Advanced PC Tweaker.lnk
    2013-05-17 21:56 - 2013-05-17 21:56 - 00001088 ____A C:\Users\Andrea\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk
    2013-05-17 21:55 - 2013-05-17 22:01 - 00000000 ____D C:\Program Files (x86)\Advanced PC Tweaker
    2013-05-17 21:55 - 2013-05-17 21:55 - 02723944 ____A (AdvancedPCTweaker.com, Inc. ) C:\Users\Andrea\Downloads\AdvancedPCTweaker_Setup.exe
    2013-05-17 21:49 - 2013-05-17 21:49 - 00001035 ____A C:\Users\Public\Desktop\RegUtility.lnk
    2013-05-17 21:49 - 2013-05-17 21:49 - 00000000 ____D C:\Program Files (x86)\RegUtility
    2013-05-17 21:48 - 2013-05-17 21:49 - 02580315 ____A ( ) C:\Users\Andrea\Downloads\RegUtility_Setup.exe
    2013-05-17 20:43 - 2013-05-17 20:43 - 03733400 ____A (Nexon) C:\Users\Andrea\Downloads\Setup(1).exe
    2013-05-17 20:41 - 2013-05-17 20:42 - 00159144 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\WindowsActivationUpdate(2).exe
    2013-05-17 20:40 - 2013-05-17 20:41 - 00159144 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\WindowsActivationUpdate(1).exe
    2013-05-17 19:54 - 2013-05-17 20:42 - 00000000 ____D C:\Download
    2013-05-17 19:53 - 2013-05-18 00:44 - 00000000 ____D C:\Nexon
    2013-05-17 19:53 - 2013-05-17 19:53 - 00530056 ____A (Nexon) C:\Users\Andrea\Downloads\NF2_Downloader.exe
    2013-05-17 17:56 - 2009-07-14 02:00 - 00026624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys
    2013-05-17 17:41 - 2013-05-17 18:06 - 00000000 ____D C:\d717a38f72b1053be2bdd56dd09590a8
    2013-05-17 17:41 - 2013-05-17 17:41 - 00889416 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\dotNetFx40_Full_setup.exe
    2013-05-17 17:41 - 2013-05-03 15:57 - 72607752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2013-05-17 17:40 - 2013-05-17 17:40 - 20214408 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\Windows-KB890830-V4.20.exe
    2013-05-17 17:17 - 2013-05-18 00:44 - 00000769 ____A C:\Users\Public\Desktop\World of Tanks.lnk
    2013-05-17 17:17 - 2013-05-18 00:44 - 00000000 ___HD C:\Windows\msdownld.tmp
    2013-05-17 17:17 - 2013-05-17 17:17 - 09304264 ____A (Wargaming.net ) C:\Users\Andrea\Downloads\WoT_internet_install_eu.exe
    2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Windows\SysWOW64\directx
    2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Games
    2013-05-17 03:01 - 2013-05-05 23:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-17 03:01 - 2013-05-05 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-17 03:01 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-17 03:01 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-16 12:05 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-16 12:05 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-16 12:05 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-05-16 12:05 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-05-16 12:05 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-16 12:05 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-16 12:05 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-16 12:05 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-05-16 12:04 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-16 12:04 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2013-05-16 12:04 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-05-16 12:04 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2013-05-16 12:02 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
    2013-05-16 12:02 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
    2013-05-14 21:06 - 2013-05-14 21:06 - 00567859 ____A C:\Users\Andrea\Desktop\Photos du journal.htm
    2013-05-14 21:06 - 2013-05-14 21:06 - 00000000 ____D C:\Users\Andrea\Desktop\Photos du journal_fichiers
    2013-05-14 02:54 - 2013-05-14 02:55 - 00290808 ____A C:\Windows\Minidump\051413-26140-01.dmp
    2013-05-09 22:16 - 2013-05-09 22:16 - 00656293 ____A C:\Users\Andrea\Desktop\NF 1.odt
    2013-05-03 19:36 - 2013-05-03 19:36 - 00000000 ____D C:\Users\Andrea\Documents\NavyField
    2013-05-03 19:20 - 2013-05-03 19:20 - 00000242 ____A C:\Users\Public\Desktop\NavyFIELD Europe French.url
    2013-05-03 19:20 - 2013-05-03 19:20 - 00000000 ____D C:\Program Files\eFusion
    2013-05-03 19:08 - 2013-05-03 19:09 - 118310779 ____A (Acresso Software Inc. ) C:\Users\Andrea\Downloads\navyfield_manual_patch_french_1-218.exe
    2013-05-03 19:03 - 2013-05-03 19:03 - 00000000 ____D C:\Program Files\SD EnterNET
    2013-05-03 18:52 - 2013-05-18 05:25 - 00000000 ____D C:\Users\Andrea\AppData\Local\PMB Files
    2013-05-03 18:52 - 2013-05-03 19:03 - 684129157 ____A (Acresso Software Inc. ) C:\Users\Andrea\Desktop\NavyFIELD_Europe_FR.exe
    2013-05-03 18:52 - 2013-05-03 18:52 - 00000000 ____D C:\Program Files (x86)\Pando Networks
    2013-05-03 18:51 - 2013-05-03 18:51 - 03084320 ____A C:\Users\Andrea\Downloads\NavyFIELD_Europe_FR_downloader.exe
    2013-05-03 18:18 - 2013-05-03 18:18 - 00290760 ____A C:\Windows\Minidump\050313-22062-01.dmp
    2013-04-26 22:01 - 2013-04-26 22:01 - 05990472 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\SkyDriveSetup.exe
    2013-04-25 12:10 - 2013-04-25 12:10 - 00000000 ____D C:\Users\Andrea\AppData\Local\{63E5FCE7-3AD3-4D03-A340-24B9BC472DD1}
    2013-04-24 17:27 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-24 17:21 - 2013-04-24 17:21 - 00000000 ____D C:\Users\Andrea\AppData\Local\{EE000DA9-C800-43FB-B893-E3D29F30AA92}
    2013-04-23 17:12 - 2013-04-23 17:12 - 00000000 ____D C:\Users\Andrea\AppData\Local\{A551CBEC-149E-4788-BB28-BDAAEFA91430}
    2013-04-23 00:36 - 2013-04-23 00:36 - 00290768 ____A C:\Windows\Minidump\042313-21468-01.dmp
    2013-04-22 16:47 - 2013-04-22 16:47 - 00000000 ____D C:\Users\Andrea\AppData\Local\{4694E429-8670-49B0-A4D5-1A33431A5F2D}
    2013-04-21 21:25 - 2013-04-21 21:25 - 00560352 ____A C:\Windows\Minidump\042113-23171-01.dmp
    2013-04-21 14:00 - 2013-04-21 14:00 - 00000000 ____D C:\Users\Andrea\AppData\Local\{5987831D-55F9-4462-A0F4-0C770A793CA1}
    2013-04-21 01:59 - 2013-04-21 01:59 - 00000000 ____D C:\Users\Andrea\AppData\Local\{E9C5B031-1676-4420-AB58-A76798ED015D}
    2013-04-20 13:59 - 2013-04-20 13:59 - 00000000 ____D C:\Users\Andrea\AppData\Local\{8C1E3D26-02E9-48EB-870F-86ABD2436B65}
    2013-04-19 12:52 - 2013-04-19 12:52 - 00000000 ____D C:\Users\Andrea\AppData\Local\{E2AD8C67-434A-447D-A705-4C3522A85E7F}
    2013-04-19 03:09 - 2013-04-19 03:24 - 00000000 ____D C:\Users\Andrea\Desktop\Photos trouvées
    2013-04-18 17:05 - 2013-04-18 17:06 - 00000000 ____D C:\Users\Andrea\AppData\Local\{5F327524-9D04-4120-81AC-4458411B9587}
    2013-04-18 11:47 - 2013-04-18 11:47 - 00000000 ____D C:\Users\Andrea\AppData\Local\{D6FC719A-58BB-4329-9AD5-A1BD243FDDD3}

    ==================== One Month Modified Files and Folders =======

    2013-05-18 05:25 - 2013-05-18 05:25 - 00000000 ____D C:\FRST
    2013-05-18 05:25 - 2013-05-03 18:52 - 00000000 ____D C:\Users\Andrea\AppData\Local\PMB Files
    2013-05-18 05:24 - 2013-05-18 05:24 - 01877468 ____A (Farbar) C:\Users\Andrea\Downloads\FRST64.exe
    2013-05-18 05:11 - 2011-09-28 09:40 - 00001082 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356140123-1956174812-4015511781-1000UA.job
    2013-05-18 05:09 - 2012-03-30 17:14 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-05-18 04:59 - 2009-07-14 06:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-18 04:59 - 2009-07-14 06:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-05-18 04:54 - 2011-10-30 05:29 - 00000000 ____D C:\Users\Andrea\AppData\Local\FileServe Manager
    2013-05-18 04:53 - 2012-10-16 23:28 - 00000000 ____D C:\Users\Andrea\AppData\Local\roulettechat
    2013-05-18 04:53 - 2011-09-30 10:34 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-05-18 04:53 - 2011-09-28 22:07 - 00000000 ____D C:\Users\Andrea\Tracing
    2013-05-18 04:52 - 2012-07-21 21:17 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-05-18 04:52 - 2011-09-28 21:29 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
    2013-05-18 04:52 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-18 04:52 - 2009-07-14 06:51 - 00086448 ____A C:\Windows\setupact.log
    2013-05-18 04:51 - 2011-09-27 10:31 - 01231733 ____A C:\Windows\WindowsUpdate.log
    2013-05-18 04:51 - 2010-11-21 05:47 - 00350416 ____A C:\Windows\PFRO.log
    2013-05-18 04:46 - 2012-07-21 21:17 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-05-18 04:45 - 2013-05-18 04:45 - 00033694 ____A C:\ComboFix.txt
    2013-05-18 04:45 - 2013-05-18 03:26 - 00000000 ____D C:\Qoobox
    2013-05-18 04:41 - 2013-05-18 03:26 - 00000000 ____D C:\Windows\erdnt
    2013-05-18 04:41 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
    2013-05-18 03:26 - 2013-05-17 22:25 - 05066411 ____R (Swearware) C:\Users\Andrea\Downloads\ComboFix.exe
    2013-05-18 03:10 - 2013-05-18 02:56 - 00000000 ____D C:\Users\Andrea\Downloads\mbar
    2013-05-18 02:56 - 2013-05-18 02:55 - 12917756 ____A C:\Users\Andrea\Downloads\mbar-1.05.0.1001 (1).zip
    2013-05-18 02:54 - 2012-11-04 18:48 - 00000000 ___RD C:\Users\Andrea\SkyDrive
    2013-05-18 02:51 - 2013-05-18 02:44 - 00000294 ____A C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
    2013-05-18 02:51 - 2013-05-18 02:44 - 00000278 ____A C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
    2013-05-18 02:51 - 2013-05-17 21:56 - 00000526 ____A C:\Windows\Tasks\One-Click Tweak.job
    2013-05-18 02:44 - 2013-05-18 02:44 - 08576000 ____A (Digia Plc and/or its subsidiary(-ies)) C:\Windows\SysWOW64\qtgui4.dll
    2013-05-18 02:44 - 2013-05-18 02:44 - 00001092 ____A C:\Users\Public\Desktop\Dll-Files Fixer.lnk
    2013-05-18 02:44 - 2013-05-18 02:44 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\dll-files.com
    2013-05-18 02:44 - 2013-05-18 02:44 - 00000000 ____D C:\Program Files (x86)\Dll-Files.com Fixer
    2013-05-18 02:43 - 2013-05-18 02:43 - 04241280 ____A (Dll-Files.com ) C:\Users\Andrea\Downloads\dffsetup-qtgui4.exe
    2013-05-18 02:34 - 2013-05-18 02:34 - 00001801 ____A C:\Users\Andrea\Desktop\RKreport[2]_D_18052013_023403.txt
    2013-05-18 02:34 - 2013-05-18 02:34 - 00000000 ____D C:\Users\Andrea\Downloads\mbar-1.05.0.1001
    2013-05-18 02:34 - 2013-05-18 02:33 - 12917756 ____A C:\Users\Andrea\Downloads\mbar-1.05.0.1001.zip
    2013-05-18 02:33 - 2013-05-18 02:30 - 00000000 ____D C:\Users\Andrea\Desktop\RK_Quarantine
    2013-05-18 02:32 - 2013-05-18 02:32 - 00001917 ____A C:\Users\Andrea\Desktop\RKreport[1]_S_18052013_023210.txt
    2013-05-18 02:30 - 2013-05-18 02:29 - 00791040 ____A C:\Users\Andrea\Downloads\RogueKillerX64.exe
    2013-05-18 02:05 - 2013-05-18 02:05 - 00025668 ____A C:\Users\Andrea\Desktop\dds.txt
    2013-05-18 02:05 - 2013-05-18 02:05 - 00006266 ____A C:\Users\Andrea\Desktop\attach.txt
    2013-05-18 02:04 - 2013-05-18 02:04 - 00688992 ____R (Swearware) C:\Users\Andrea\Downloads\dds.com
    2013-05-18 00:54 - 2013-05-18 00:54 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-05-18 00:54 - 2013-05-18 00:54 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Malwarebytes
    2013-05-18 00:54 - 2013-05-18 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-18 00:53 - 2013-05-18 00:53 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-1.75.0.1300.exe
    2013-05-18 00:44 - 2013-05-18 00:44 - 00446464 ____A (NEXON Inc.) C:\Windows\NEXON_EU_DownloaderUpdater.exe
    2013-05-18 00:44 - 2013-05-18 00:44 - 00000235 ____A C:\Windows\SysWOW64\nxEuUninstall.bat
    2013-05-18 00:44 - 2013-05-17 19:53 - 00000000 ____D C:\Nexon
    2013-05-18 00:44 - 2013-05-17 17:17 - 00000769 ____A C:\Users\Public\Desktop\World of Tanks.lnk
    2013-05-18 00:44 - 2013-05-17 17:17 - 00000000 ___HD C:\Windows\msdownld.tmp
    2013-05-17 23:11 - 2013-05-17 23:11 - 00159144 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\WindowsActivationUpdate (1).exe
    2013-05-17 22:32 - 2013-05-17 22:32 - 00000000 ____D C:\Program Files (x86)\ESET
    2013-05-17 22:31 - 2013-05-17 22:31 - 02347384 ____A (ESET) C:\Users\Andrea\Downloads\esetsmartinstaller_enu.exe
    2013-05-17 22:23 - 2013-05-17 22:23 - 02723944 ____A (AdvancedPCTweaker.com, Inc. ) C:\Users\Andrea\Downloads\AdvancedPCTweaker_Setup(1).exe
    2013-05-17 22:21 - 2013-05-17 22:21 - 00388608 ____A (Trend Micro Inc.) C:\Users\Andrea\Downloads\HijackThis.exe
    2013-05-17 22:21 - 2013-05-17 22:21 - 00030786 ____A C:\Users\Andrea\Downloads\hijackthis.log
    2013-05-17 22:21 - 2011-09-27 10:36 - 00000000 ____D C:\Users\Andrea\AppData\Local\VirtualStore
    2013-05-17 22:01 - 2013-05-17 21:55 - 00000000 ____D C:\Program Files (x86)\Advanced PC Tweaker
    2013-05-17 21:56 - 2013-05-17 21:56 - 00001133 ____A C:\Users\Andrea\Desktop\Advanced PC Tweaker.lnk
    2013-05-17 21:56 - 2013-05-17 21:56 - 00001088 ____A C:\Users\Andrea\Desktop\Advanced PC Tweaker 1-Click Tweak.lnk
    2013-05-17 21:55 - 2013-05-17 21:55 - 02723944 ____A (AdvancedPCTweaker.com, Inc. ) C:\Users\Andrea\Downloads\AdvancedPCTweaker_Setup.exe
    2013-05-17 21:49 - 2013-05-17 21:49 - 00001035 ____A C:\Users\Public\Desktop\RegUtility.lnk
    2013-05-17 21:49 - 2013-05-17 21:49 - 00000000 ____D C:\Program Files (x86)\RegUtility
    2013-05-17 21:49 - 2013-05-17 21:48 - 02580315 ____A ( ) C:\Users\Andrea\Downloads\RegUtility_Setup.exe
    2013-05-17 20:43 - 2013-05-17 20:43 - 03733400 ____A (Nexon) C:\Users\Andrea\Downloads\Setup(1).exe
    2013-05-17 20:42 - 2013-05-17 20:41 - 00159144 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\WindowsActivationUpdate(2).exe
    2013-05-17 20:42 - 2013-05-17 19:54 - 00000000 ____D C:\Download
    2013-05-17 20:41 - 2013-05-17 20:40 - 00159144 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\WindowsActivationUpdate(1).exe
    2013-05-17 19:53 - 2013-05-17 19:53 - 00530056 ____A (Nexon) C:\Users\Andrea\Downloads\NF2_Downloader.exe
    2013-05-17 18:25 - 2011-04-12 11:16 - 00704686 ____A C:\Windows\System32\perfh00C.dat
    2013-05-17 18:25 - 2011-04-12 11:16 - 00130992 ____A C:\Windows\System32\perfc00C.dat
    2013-05-17 18:25 - 2009-07-14 07:13 - 01572290 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-17 18:16 - 2013-02-10 03:16 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-05-17 18:16 - 2013-02-10 03:16 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2013-05-17 18:16 - 2013-02-10 03:16 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2013-05-17 18:16 - 2012-03-11 03:52 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2013-05-17 18:16 - 2012-03-11 03:52 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2013-05-17 18:16 - 2011-09-27 18:44 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2013-05-17 18:07 - 2011-12-08 20:36 - 00421888 ____A C:\Users\Andrea\Desktop\cacaoweb.exe
    2013-05-17 18:06 - 2013-05-17 17:41 - 00000000 ____D C:\d717a38f72b1053be2bdd56dd09590a8
    2013-05-17 18:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK
    2013-05-17 17:56 - 2010-11-21 05:24 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browseui.dll
    2013-05-17 17:56 - 2009-07-14 01:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
    2013-05-17 17:56 - 2009-07-14 01:33 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollCtrl.exe
    2013-05-17 17:41 - 2013-05-17 17:41 - 00889416 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\dotNetFx40_Full_setup.exe
    2013-05-17 17:40 - 2013-05-17 17:40 - 20214408 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\Windows-KB890830-V4.20.exe
    2013-05-17 17:17 - 2013-05-17 17:17 - 09304264 ____A (Wargaming.net ) C:\Users\Andrea\Downloads\WoT_internet_install_eu.exe
    2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Windows\SysWOW64\directx
    2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Games
    2013-05-17 14:20 - 2009-07-14 06:45 - 00464320 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-17 03:09 - 2012-11-04 17:52 - 00000000 ____D C:\Program Files\Microsoft Lync
    2013-05-17 03:09 - 2012-11-04 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
    2013-05-16 14:11 - 2011-09-28 09:40 - 00001030 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1356140123-1956174812-4015511781-1000Core.job
    2013-05-15 01:09 - 2012-03-30 17:14 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-05-15 01:09 - 2011-09-27 18:53 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-05-14 21:06 - 2013-05-14 21:06 - 00567859 ____A C:\Users\Andrea\Desktop\Photos du journal.htm
    2013-05-14 21:06 - 2013-05-14 21:06 - 00000000 ____D C:\Users\Andrea\Desktop\Photos du journal_fichiers
    2013-05-14 02:55 - 2013-05-14 02:54 - 00290808 ____A C:\Windows\Minidump\051413-26140-01.dmp
    2013-05-14 02:54 - 2011-11-14 23:33 - 476039305 ____A C:\Windows\MEMORY.DMP
    2013-05-14 02:54 - 2011-11-14 23:33 - 00000000 ____D C:\Windows\Minidump
    2013-05-09 22:16 - 2013-05-09 22:16 - 00656293 ____A C:\Users\Andrea\Desktop\NF 1.odt
    2013-05-07 18:13 - 2012-11-04 19:00 - 00000000 ____D C:\Users\Andrea\Desktop\Boulot fiduciare
    2013-05-05 23:36 - 2013-05-17 03:01 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-05 23:16 - 2013-05-17 03:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-05 21:25 - 2013-05-17 03:01 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-05 21:12 - 2013-05-17 03:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-03 19:36 - 2013-05-03 19:36 - 00000000 ____D C:\Users\Andrea\Documents\NavyField
    2013-05-03 19:20 - 2013-05-03 19:20 - 00000242 ____A C:\Users\Public\Desktop\NavyFIELD Europe French.url
    2013-05-03 19:20 - 2013-05-03 19:20 - 00000000 ____D C:\Program Files\eFusion
    2013-05-03 19:19 - 2011-09-27 13:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-05-03 19:09 - 2013-05-03 19:08 - 118310779 ____A (Acresso Software Inc. ) C:\Users\Andrea\Downloads\navyfield_manual_patch_french_1-218.exe
    2013-05-03 19:03 - 2013-05-03 19:03 - 00000000 ____D C:\Program Files\SD EnterNET
    2013-05-03 19:03 - 2013-05-03 18:52 - 684129157 ____A (Acresso Software Inc. ) C:\Users\Andrea\Desktop\NavyFIELD_Europe_FR.exe
    2013-05-03 18:52 - 2013-05-03 18:52 - 00000000 ____D C:\Program Files (x86)\Pando Networks
    2013-05-03 18:51 - 2013-05-03 18:51 - 03084320 ____A C:\Users\Andrea\Downloads\NavyFIELD_Europe_FR_downloader.exe
    2013-05-03 18:18 - 2013-05-03 18:18 - 00290760 ____A C:\Windows\Minidump\050313-22062-01.dmp
    2013-05-03 16:15 - 2011-09-27 10:44 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-03 15:57 - 2013-05-17 17:41 - 72607752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2013-05-02 02:06 - 2010-11-21 05:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2013-04-26 22:01 - 2013-04-26 22:01 - 05990472 ____A (Microsoft Corporation) C:\Users\Andrea\Downloads\SkyDriveSetup.exe
    2013-04-26 22:01 - 2012-11-04 18:48 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
    2013-04-25 17:27 - 2011-09-27 18:30 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Skype
    2013-04-25 17:24 - 2011-09-28 20:57 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2013-04-25 17:24 - 2011-09-27 18:30 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2013-04-25 17:24 - 2011-09-27 18:30 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-04-25 12:10 - 2013-04-25 12:10 - 00000000 ____D C:\Users\Andrea\AppData\Local\{63E5FCE7-3AD3-4D03-A340-24B9BC472DD1}
    2013-04-24 17:21 - 2013-04-24 17:21 - 00000000 ____D C:\Users\Andrea\AppData\Local\{EE000DA9-C800-43FB-B893-E3D29F30AA92}
    2013-04-23 19:11 - 2013-04-12 17:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-04-23 17:12 - 2013-04-23 17:12 - 00000000 ____D C:\Users\Andrea\AppData\Local\{A551CBEC-149E-4788-BB28-BDAAEFA91430}
    2013-04-23 00:36 - 2013-04-23 00:36 - 00290768 ____A C:\Windows\Minidump\042313-21468-01.dmp
    2013-04-22 16:47 - 2013-04-22 16:47 - 00000000 ____D C:\Users\Andrea\AppData\Local\{4694E429-8670-49B0-A4D5-1A33431A5F2D}
    2013-04-21 21:25 - 2013-04-21 21:25 - 00560352 ____A C:\Windows\Minidump\042113-23171-01.dmp
    2013-04-21 14:00 - 2013-04-21 14:00 - 00000000 ____D C:\Users\Andrea\AppData\Local\{5987831D-55F9-4462-A0F4-0C770A793CA1}
    2013-04-21 01:59 - 2013-04-21 01:59 - 00000000 ____D C:\Users\Andrea\AppData\Local\{E9C5B031-1676-4420-AB58-A76798ED015D}
    2013-04-20 13:59 - 2013-04-20 13:59 - 00000000 ____D C:\Users\Andrea\AppData\Local\{8C1E3D26-02E9-48EB-870F-86ABD2436B65}
    2013-04-19 12:52 - 2013-04-19 12:52 - 00000000 ____D C:\Users\Andrea\AppData\Local\{E2AD8C67-434A-447D-A705-4C3522A85E7F}
    2013-04-19 03:24 - 2013-04-19 03:09 - 00000000 ____D C:\Users\Andrea\Desktop\Photos trouvées
    2013-04-18 17:06 - 2013-04-18 17:05 - 00000000 ____D C:\Users\Andrea\AppData\Local\{5F327524-9D04-4120-81AC-4458411B9587}
    2013-04-18 11:47 - 2013-04-18 11:47 - 00000000 ____D C:\Users\Andrea\AppData\Local\{D6FC719A-58BB-4329-9AD5-A1BD243FDDD3}

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    Last Boot: 2013-05-06 17:21

    ==================== End Of Log ============================
     
  15. Lainkiller

    Lainkiller TS Rookie Topic Starter Posts: 27

    Farbar Additional :

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-05-2013
    Ran by Andrea at 2013-05-18 05:26:08 Run:
    Running from C:\Users\Andrea\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Installed Programs =======================

    1ClickDownload (Version: 2.1 Build 26473)
    Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
    Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
    Adobe Reader X (10.1.2) - Français (Version: 10.1.2)
    Advanced PC Tweaker v4.2 (Version: 4.2)
    ALTools Update
    ALZip (Version: v8.0 beta1)
    Apple Application Support (Version: 2.3)
    Apple Mobile Device Support (Version: 4.0.0.96)
    Apple Software Update (Version: 2.1.3.127)
    avast! Free Antivirus (Version: 7.0.1466.0)
    AVG Security Toolbar (Version: 14.2.0.1)
    Babylon toolbar on IE
    Battlefield 3™ Open Beta (Version: 1.0.0.0)
    Battlelog Web Plugins (Version: 0.80.0)
    BearShare (Version: 10.0.0.112380)
    BitTorrent (Version: 7.6.0)
    BittorrentBar_FR Toolbar (Version: 6.8.5.1)
    Bonjour (Version: 3.0.0.10)
    Brother MFL-Pro Suite DCP-7055 (Version: 1.0.7.0)
    Coffret de pilotes Logitech Webcam Software (Version: 12.10.1110)
    Complitly
    Configuration DivX (Version: 2.6.1.8)
    D3DX10 (Version: 15.4.2368.0902)
    Dll-Files Fixer (Version: 1.0)
    Easy Password Storage
    ESET Online Scanner v3
    ESN Sonar (Version: 0.70.0)
    FileServe Manager 1.0.0.3466
    Getax Uninstaller
    GOM Player (Version: 2.1.39.5101)
    GOMTV Streamer (Version: 1.0.0.26)
    Google Chrome (Version: 26.0.1410.64)
    Google Update Helper (Version: 1.3.21.145)
    Google Earth (Version: 7.0.3.8542)
    HotForex MetaTrader (Version: 4.00)
    Intel(R) Control Center (Version: 1.2.1.1007)
    Intel(R) Rapid Storage Technology (Version: 10.5.0.1026)
    iTunes (Version: 10.5.0.142)
    Java 7 Update 21 (Version: 7.0.210)
    Java Auto Updater (Version: 2.1.9.0)
    Java(TM) 6 Update 31 (Version: 6.0.310)
    King Arthur's Gold (Version: 0.95.428.0)
    Logitech Vid HD (Version: 7.2 (7259))
    Logitech Webcam Software (Version: 12.10.1113)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    MediaBar (Version: 3.0.0.112129)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Client Profile FRA Language Pack (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Lync 2010 (Version: 4.0.7577.4388)
    Microsoft Office 365 Home Premium Preview - en-us (Version: 15.0.4128.1025)
    Microsoft Silverlight (Version: 5.1.20125.0)
    Microsoft SkyDrive (Version: 17.0.2006.0314)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Mises à jour NVIDIA 1.11.3 (Version: 1.11.3)
    Module linguistique Microsoft .NET Framework 4 Client Profile FRA (Version: 4.0.30319)
    Mozilla Firefox 20.0.1 (x86 fr) (Version: 20.0.1)
    Mozilla Maintenance Service (Version: 20.0.1)
    MSVCRT (Version: 15.4.2862.0708)
    MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
    MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
    NavyFIELD French (Version: 1.00.0000)
    Nuance PaperPort 12 (Version: 12.1.0000)
    Nuance PDF Viewer Plus (Version: 5.30.3290)
    NVIDIA 3D Vision Controller Driver (Version: 280.19)
    NVIDIA Install Application (Version: 2.1002.108.688)
    NVIDIA Logiciel système PhysX 9.11.0621 (Version: 9.11.0621)
    NVIDIA PhysX (Version: 9.11.0621)
    NVIDIA Pilote 3D Vision 311.06 (Version: 311.06)
    NVIDIA Pilote du contrôleur 3D Vision 285.38 (Version: 285.38)
    NVIDIA Pilote graphique 311.06 (Version: 311.06)
    NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
    NVIDIA Update Components (Version: 1.11.3)
    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4128.1025)
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4128.1022)
    OpenOffice.org 3.4 (Version: 3.4.9590)
    Origin (Version: 8.3.0.3527)
    Pando Media Booster (Version: 2.6.0.8)
    Panneau de configuration NVIDIA 311.06 (Version: 311.06)
    PaperPort Image Printer 64-bit (Version: 1.00.0001)
    PokerStars.fr
    PunkBuster Services (Version: 0.991)
    QuickTime (Version: 7.73.80.64)
    RegUtility version 4.1 (Version: 4.1)
    Roulettechat Adultes (Version: 3.5.20.3)
    Scansoft PDF Professional
    searchweb (Version: 1.0.1)
    Settlers3Demo
    Skype Click to Call (Version: 5.9.9216)
    Skype™ 6.3 (Version: 6.3.105)
    Star Wars: The Old Republic (Version: 1.00)
    StarCraft II (Version: 1.4.3.21029)
    Steam (Version: 1.0.0.0)
    System Requirements Lab
    TeamSpeak 3 Client
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
    WebPlayer (Version: 1.0.0)
    Webplayer (Version: 2.5.0)
    Windows Live (Version: 15.4.3502.0922)
    Windows Live (Version: 15.4.3555.0308)
    Windows Live Communications Platform (Version: 15.4.3502.0922)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
    Windows Live Installer (Version: 15.4.3502.0922)
    Windows Live Language Selector (Version: 15.4.3555.0308)
    Windows Live Messenger (Version: 15.4.3538.0513)
    Windows Live Photo Common (Version: 15.4.3502.0922)
    Windows Live PIMT Platform (Version: 15.4.3508.1109)
    Windows Live SOXE (Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (Version: 15.4.3502.0922)
    Windows Live UX Platform (Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
    WinRAR 4.01 (32-bit) (Version: 4.01.0)
    World of Tanks
    Yontoo 1.10.02 (Version: 1.10.02)
    Z Steel Soldiers (Demo)

    ==================== Restore Points =========================

    17-05-2013 01:00:24 Windows Update
    17-05-2013 01:42:19 Windows Update
    17-05-2013 15:17:55 DirectX est installé
    17-05-2013 15:18:55 DirectX est installé
    17-05-2013 15:27:07 DirectX est installé
    17-05-2013 15:40:01 DirectX est installé
    17-05-2013 16:10:50 Windows Update
    17-05-2013 16:28:37 Windows Update
    17-05-2013 16:29:15 Windows Update
    17-05-2013 17:50:00 DirectX est installé
    17-05-2013 21:08:58 DirectX est installé
    17-05-2013 22:46:54 DirectX est installé
    18-05-2013 01:00:16 Windows Update
    18-05-2013 01:25:22 Before New Antivirus

    ==================== Faulty Device Manager Devices =============

    Name: Lexmark X422
    Description: Lexmark X422
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Lexmark
    Service: usbscan
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/18/2013 04:56:51 AM) (Source: Application Error) (User: )
    Description: Windows ne peut pas accéder au fichier pour une des raisons suivantes :
    un problème s’est produit avec la connexion réseau, le disque sur lequel le fichier est enregistré, ou les
    pilotes de stockage installés sur cet ordinateur, ou le disque est manquant.
    Windows a fermé le programme Indexeur Microsoft Windows Search en raison de cette erreur.

    Programme : Indexeur Microsoft Windows Search
    Fichier :

    La valeur de l’erreur est affichée dans la section Données supplémentaires.
    Action utilisateur
    1. Ouvrez à nouveau le fichier.
    Cette situation peut résulter d’un problème temporaire qui se corrigera de lui-même à la prochaine exécution du programme.
    2.
    Si le fichier est toujours inaccessible et
    - Il se trouve sur le réseau :
    votre administrateur réseau devrait vérifier qu’il n’y a aucun problème avec le réseau et que le serveur peut être contacté.
    - Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROM : vérifiez que le disque est inséré correctement dans l’ordinateur.
    3. Vérifiez et réparez le système de fichiers en exécutant CHKDSK. Pour exécuter CHKDSK, cliquez sur Démarrer, Exécuter, entrez CMD puis cliquez sur OK. À l’invite de commandes, entrez CHKDSK /F et appuyez sur Entrée.
    4. Si le problème persiste, restaurez le fichier à partir d’une copie de sauvegarde.
    5. Déterminez si d’autres fichiers du même disque peuvent être ouverts. Si ce n’est pas le cas, le disque est peut-être endommagé. S’il s’agit d’un disque dur, contactez votre administrateur ou le distributeur de votre ordinateur
    pour obtenir une assistance supplémentaire.

    Données supplémentaires
    Valeur de l’erreur : 00000000
    Type du disque : 0

    Error: (05/18/2013 04:56:51 AM) (Source: Application Error) (User: )
    Description: Nom de l’application défaillante SearchIndexer.exe, version : 7.0.7601.17610, horodatage : 0x4dc0d019
    Nom du module défaillant : NLSData001b.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdfe1
    Code d’exception : 0xc000001d
    Décalage d’erreur : 0x00000000001daec4
    ID du processus défaillant : 0x1160
    Heure de début de l’application défaillante : 0xSearchIndexer.exe0
    Chemin d’accès de l’application défaillante : SearchIndexer.exe1
    Chemin d’accès du module défaillant: SearchIndexer.exe2
    ID de rapport : SearchIndexer.exe3

    Error: (05/18/2013 04:56:20 AM) (Source: Application Error) (User: )
    Description: Windows ne peut pas accéder au fichier pour une des raisons suivantes :
    un problème s’est produit avec la connexion réseau, le disque sur lequel le fichier est enregistré, ou les
    pilotes de stockage installés sur cet ordinateur, ou le disque est manquant.
    Windows a fermé le programme Indexeur Microsoft Windows Search en raison de cette erreur.

    Programme : Indexeur Microsoft Windows Search
    Fichier :

    La valeur de l’erreur est affichée dans la section Données supplémentaires.
    Action utilisateur
    1. Ouvrez à nouveau le fichier.
    Cette situation peut résulter d’un problème temporaire qui se corrigera de lui-même à la prochaine exécution du programme.
    2.
    Si le fichier est toujours inaccessible et
    - Il se trouve sur le réseau :
    votre administrateur réseau devrait vérifier qu’il n’y a aucun problème avec le réseau et que le serveur peut être contacté.
    - Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROM : vérifiez que le disque est inséré correctement dans l’ordinateur.
    3. Vérifiez et réparez le système de fichiers en exécutant CHKDSK. Pour exécuter CHKDSK, cliquez sur Démarrer, Exécuter, entrez CMD puis cliquez sur OK. À l’invite de commandes, entrez CHKDSK /F et appuyez sur Entrée.
    4. Si le problème persiste, restaurez le fichier à partir d’une copie de sauvegarde.
    5. Déterminez si d’autres fichiers du même disque peuvent être ouverts. Si ce n’est pas le cas, le disque est peut-être endommagé. S’il s’agit d’un disque dur, contactez votre administrateur ou le distributeur de votre ordinateur
    pour obtenir une assistance supplémentaire.

    Données supplémentaires
    Valeur de l’erreur : 00000000
    Type du disque : 0

    Error: (05/18/2013 04:56:20 AM) (Source: Application Error) (User: )
    Description: Nom de l’application défaillante SearchIndexer.exe, version : 7.0.7601.17610, horodatage : 0x4dc0d019
    Nom du module défaillant : NLSData001b.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdfe1
    Code d’exception : 0xc000001d
    Décalage d’erreur : 0x00000000001daec4
    ID du processus défaillant : 0x614
    Heure de début de l’application défaillante : 0xSearchIndexer.exe0
    Chemin d’accès de l’application défaillante : SearchIndexer.exe1
    Chemin d’accès du module défaillant: SearchIndexer.exe2
    ID de rapport : SearchIndexer.exe3

    Error: (05/18/2013 04:55:48 AM) (Source: Application Error) (User: )
    Description: Windows ne peut pas accéder au fichier pour une des raisons suivantes :
    un problème s’est produit avec la connexion réseau, le disque sur lequel le fichier est enregistré, ou les
    pilotes de stockage installés sur cet ordinateur, ou le disque est manquant.
    Windows a fermé le programme Indexeur Microsoft Windows Search en raison de cette erreur.

    Programme : Indexeur Microsoft Windows Search
    Fichier :

    La valeur de l’erreur est affichée dans la section Données supplémentaires.
    Action utilisateur
    1. Ouvrez à nouveau le fichier.
    Cette situation peut résulter d’un problème temporaire qui se corrigera de lui-même à la prochaine exécution du programme.
    2.
    Si le fichier est toujours inaccessible et
    - Il se trouve sur le réseau :
    votre administrateur réseau devrait vérifier qu’il n’y a aucun problème avec le réseau et que le serveur peut être contacté.
    - Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROM : vérifiez que le disque est inséré correctement dans l’ordinateur.
    3. Vérifiez et réparez le système de fichiers en exécutant CHKDSK. Pour exécuter CHKDSK, cliquez sur Démarrer, Exécuter, entrez CMD puis cliquez sur OK. À l’invite de commandes, entrez CHKDSK /F et appuyez sur Entrée.
    4. Si le problème persiste, restaurez le fichier à partir d’une copie de sauvegarde.
    5. Déterminez si d’autres fichiers du même disque peuvent être ouverts. Si ce n’est pas le cas, le disque est peut-être endommagé. S’il s’agit d’un disque dur, contactez votre administrateur ou le distributeur de votre ordinateur
    pour obtenir une assistance supplémentaire.

    Données supplémentaires
    Valeur de l’erreur : 00000000
    Type du disque : 0

    Error: (05/18/2013 04:55:48 AM) (Source: Application Error) (User: )
    Description: Nom de l’application défaillante SearchIndexer.exe, version : 7.0.7601.17610, horodatage : 0x4dc0d019
    Nom du module défaillant : NLSData001b.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdfe1
    Code d’exception : 0xc000001d
    Décalage d’erreur : 0x00000000001daec4
    ID du processus défaillant : 0xa84
    Heure de début de l’application défaillante : 0xSearchIndexer.exe0
    Chemin d’accès de l’application défaillante : SearchIndexer.exe1
    Chemin d’accès du module défaillant: SearchIndexer.exe2
    ID de rapport : SearchIndexer.exe3

    Error: (05/18/2013 04:53:44 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/18/2013 04:45:54 AM) (Source: Application Error) (User: )
    Description: Windows ne peut pas accéder au fichier pour une des raisons suivantes :
    un problème s’est produit avec la connexion réseau, le disque sur lequel le fichier est enregistré, ou les
    pilotes de stockage installés sur cet ordinateur, ou le disque est manquant.
    Windows a fermé le programme Indexeur Microsoft Windows Search en raison de cette erreur.

    Programme : Indexeur Microsoft Windows Search
    Fichier :

    La valeur de l’erreur est affichée dans la section Données supplémentaires.
    Action utilisateur
    1. Ouvrez à nouveau le fichier.
    Cette situation peut résulter d’un problème temporaire qui se corrigera de lui-même à la prochaine exécution du programme.
    2.
    Si le fichier est toujours inaccessible et
    - Il se trouve sur le réseau :
    votre administrateur réseau devrait vérifier qu’il n’y a aucun problème avec le réseau et que le serveur peut être contacté.
    - Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROM : vérifiez que le disque est inséré correctement dans l’ordinateur.
    3. Vérifiez et réparez le système de fichiers en exécutant CHKDSK. Pour exécuter CHKDSK, cliquez sur Démarrer, Exécuter, entrez CMD puis cliquez sur OK. À l’invite de commandes, entrez CHKDSK /F et appuyez sur Entrée.
    4. Si le problème persiste, restaurez le fichier à partir d’une copie de sauvegarde.
    5. Déterminez si d’autres fichiers du même disque peuvent être ouverts. Si ce n’est pas le cas, le disque est peut-être endommagé. S’il s’agit d’un disque dur, contactez votre administrateur ou le distributeur de votre ordinateur
    pour obtenir une assistance supplémentaire.

    Données supplémentaires
    Valeur de l’erreur : 00000000
    Type du disque : 0

    Error: (05/18/2013 04:45:54 AM) (Source: Application Error) (User: )
    Description: Nom de l’application défaillante SearchIndexer.exe, version : 7.0.7601.17610, horodatage : 0x4dc0d019
    Nom du module défaillant : NLSData001b.dll, version : 6.1.7600.16385, horodatage : 0x4a5bdfe1
    Code d’exception : 0xc000001d
    Décalage d’erreur : 0x00000000001daec4
    ID du processus défaillant : 0xcd0
    Heure de début de l’application défaillante : 0xSearchIndexer.exe0
    Chemin d’accès de l’application défaillante : SearchIndexer.exe1
    Chemin d’accès du module défaillant: SearchIndexer.exe2
    ID de rapport : SearchIndexer.exe3

    Error: (05/18/2013 04:45:23 AM) (Source: Application Error) (User: )
    Description: Windows ne peut pas accéder au fichier pour une des raisons suivantes :
    un problème s’est produit avec la connexion réseau, le disque sur lequel le fichier est enregistré, ou les
    pilotes de stockage installés sur cet ordinateur, ou le disque est manquant.
    Windows a fermé le programme Indexeur Microsoft Windows Search en raison de cette erreur.

    Programme : Indexeur Microsoft Windows Search
    Fichier :

    La valeur de l’erreur est affichée dans la section Données supplémentaires.
    Action utilisateur
    1. Ouvrez à nouveau le fichier.
    Cette situation peut résulter d’un problème temporaire qui se corrigera de lui-même à la prochaine exécution du programme.
    2.
    Si le fichier est toujours inaccessible et
    - Il se trouve sur le réseau :
    votre administrateur réseau devrait vérifier qu’il n’y a aucun problème avec le réseau et que le serveur peut être contacté.
    - Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROM : vérifiez que le disque est inséré correctement dans l’ordinateur.
    3. Vérifiez et réparez le système de fichiers en exécutant CHKDSK. Pour exécuter CHKDSK, cliquez sur Démarrer, Exécuter, entrez CMD puis cliquez sur OK. À l’invite de commandes, entrez CHKDSK /F et appuyez sur Entrée.
    4. Si le problème persiste, restaurez le fichier à partir d’une copie de sauvegarde.
    5. Déterminez si d’autres fichiers du même disque peuvent être ouverts. Si ce n’est pas le cas, le disque est peut-être endommagé. S’il s’agit d’un disque dur, contactez votre administrateur ou le distributeur de votre ordinateur
    pour obtenir une assistance supplémentaire.

    Données supplémentaires
    Valeur de l’erreur : 00000000
    Type du disque : 0


    System errors:
    =============
    Error: (05/18/2013 04:56:51 AM) (Source: Service Control Manager) (User: )
    Description: Le service Windows Search s’est terminé de façon inattendue pour la 3ème fois.

    Error: (05/18/2013 04:56:20 AM) (Source: Service Control Manager) (User: )
    Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 2 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

    Error: (05/18/2013 04:55:49 AM) (Source: Service Control Manager) (User: )
    Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

    Error: (05/18/2013 04:45:55 AM) (Source: Service Control Manager) (User: )
    Description: Le service Windows Search s’est terminé de façon inattendue pour la 3ème fois.

    Error: (05/18/2013 04:45:23 AM) (Source: Service Control Manager) (User: )
    Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 2 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

    Error: (05/18/2013 04:44:49 AM) (Source: Service Control Manager) (User: )
    Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

    Error: (05/18/2013 04:39:13 AM) (Source: Service Control Manager) (User: )
    Description: Le service PEVSystemStart est marqué comme étant interactif. Cependant, le système est configuré pour ne pas autoriser les services interactifs. Ce service peut ne pas fonctionner correctement.

    Error: (05/18/2013 04:36:37 AM) (Source: Application Popup) (User: )
    Description: Le chargement de \??\C:\ComboFix\catchme.sys a été bloqué en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel pour obtenir une version compatible du pilote.

    Error: (05/18/2013 04:36:37 AM) (Source: Application Popup) (User: )
    Description: Le chargement de \??\C:\ComboFix\catchme.sys a été bloqué en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel pour obtenir une version compatible du pilote.

    Error: (05/18/2013 04:33:55 AM) (Source: Service Control Manager) (User: )
    Description: Le service PEVSystemStart est marqué comme étant interactif. Cependant, le système est configuré pour ne pas autoriser les services interactifs. Ce service peut ne pas fonctionner correctement.


    Microsoft Office Sessions:
    =========================
    Error: (05/18/2013 04:56:51 AM) (Source: Application Error)(User: )
    Description: Indexeur Microsoft Windows Search000000000

    Error: (05/18/2013 04:56:51 AM) (Source: Application Error)(User: )
    Description: SearchIndexer.exe7.0.7601.176104dc0d019NLSData001b.dll6.1.7600.163854a5bdfe1c000001d00000000001daec4116001ce5373581000e0C:\Windows\system32\SearchIndexer.exeC:\Windows\System32\NLSData001b.dll9637a220-bf66-11e2-af50-0019dbb1bf42

    Error: (05/18/2013 04:56:20 AM) (Source: Application Error)(User: )
    Description: Indexeur Microsoft Windows Search000000000

    Error: (05/18/2013 04:56:20 AM) (Source: Application Error)(User: )
    Description: SearchIndexer.exe7.0.7601.176104dc0d019NLSData001b.dll6.1.7600.163854a5bdfe1c000001d00000000001daec461401ce537345644e94C:\Windows\system32\SearchIndexer.exeC:\Windows\System32\NLSData001b.dll83c9ecf8-bf66-11e2-af50-0019dbb1bf42

    Error: (05/18/2013 04:55:48 AM) (Source: Application Error)(User: )
    Description: Indexeur Microsoft Windows Search000000000

    Error: (05/18/2013 04:55:48 AM) (Source: Application Error)(User: )
    Description: SearchIndexer.exe7.0.7601.176104dc0d019NLSData001b.dll6.1.7600.163854a5bdfe1c000001d00000000001daec4a8401ce5372bd08b29eC:\Windows\system32\SearchIndexer.exeC:\Windows\System32\NLSData001b.dll70ff3c1b-bf66-11e2-af50-0019dbb1bf42

    Error: (05/18/2013 04:53:44 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/18/2013 04:45:54 AM) (Source: Application Error)(User: )
    Description: Indexeur Microsoft Windows Search000000000

    Error: (05/18/2013 04:45:54 AM) (Source: Application Error)(User: )
    Description: SearchIndexer.exe7.0.7601.176104dc0d019NLSData001b.dll6.1.7600.163854a5bdfe1c000001d00000000001daec4cd001ce5371d07a14a3C:\Windows\system32\SearchIndexer.exeC:\Windows\System32\NLSData001b.dll0f0cb36a-bf65-11e2-99a3-0019dbb1bf42

    Error: (05/18/2013 04:45:23 AM) (Source: Application Error)(User: )
    Description: Indexeur Microsoft Windows Search000000000


    CodeIntegrity Errors:
    ===================================
    Date: 2013-05-18 04:36:37.200
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2013-05-18 04:36:37.137
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2013-05-18 04:36:37.059
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2013-05-18 04:36:36.981
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2013-05-18 03:38:06.977
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2013-05-18 03:38:06.899
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.


    ==================== Memory info ===========================

    Percentage of memory in use: 45%
    Total physical RAM: 4095.27 MB
    Available physical RAM: 2232.33 MB
    Total Pagefile: 8188.71 MB
    Available Pagefile: 6291.1 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.67 GB) (Free:342.73 GB) NTFS (Disk=0 Partition=2)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CA12241F)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  16. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    That looks fine.

    How is the computer doing at the moment?
     
  17. Lainkiller

    Lainkiller TS Rookie Topic Starter Posts: 27

    Right now I try to install something and it says that c:\Windows\System32\credui.dll is not created to run on Windows or there is an error

    and I try to install another thing and it says the same but with c:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll


    I don't understand anything and still can't install anything ://////////////

    I see something new, it says " An unhandled exception is occured. The application will be restarted " again again again again . . .
     
  18. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  19. Lainkiller

    Lainkiller TS Rookie Topic Starter Posts: 27

    I did this in my first post, but yes, I'm scanning. It takes time.
     
  20. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    I forgot.

    You can stop that scan....

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. Lainkiller

    Lainkiller TS Rookie Topic Starter Posts: 27

    Adwcleaner


    # AdwCleaner v2.301 - Rapport créé le 18/05/2013 à 11:28:53
    # Mis à jour le 16/05/2013 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : Andrea - ANDREA-PC
    # Mode de démarrage : Normal
    # Exécuté depuis : C:\Users\Andrea\Downloads\adwcleaner(1).exe
    # Option [Suppression]


    ***** [Services] *****

    Arrêté & Supprimé : vToolbarUpdater14.2.0

    ***** [Fichiers / Dossiers] *****

    Dossier Supprimé : C:\Program Files (x86)\1ClickDownload
    Dossier Supprimé : C:\Program Files (x86)\AVG Secure Search
    Dossier Supprimé : C:\Program Files (x86)\BabylonToolbar
    Dossier Supprimé : C:\Program Files (x86)\BittorrentBar_FR
    Dossier Supprimé : C:\Program Files (x86)\Common Files\AVG Secure Search
    Dossier Supprimé : C:\Program Files (x86)\Conduit
    Dossier Supprimé : C:\Program Files (x86)\Yontoo
    Dossier Supprimé : C:\ProgramData\AVG Secure Search
    Dossier Supprimé : C:\ProgramData\Babylon
    Dossier Supprimé : C:\ProgramData\boost_interprocess
    Dossier Supprimé : C:\ProgramData\Tarma Installer
    Dossier Supprimé : C:\Users\Andrea\AppData\Local\AVG Secure Search
    Dossier Supprimé : C:\Users\Andrea\AppData\Local\Babylon
    Dossier Supprimé : C:\Users\Andrea\AppData\Local\Conduit
    Dossier Supprimé : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
    Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\AVG Secure Search
    Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\BabylonToolbar
    Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\BittorrentBar_FR
    Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\boost_interprocess
    Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\Conduit
    Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\PriceGong
    Dossier Supprimé : C:\Users\Andrea\AppData\LocalLow\Toolbar4
    Dossier Supprimé : C:\Users\Andrea\AppData\Roaming\Babylon
    Dossier Supprimé : C:\Users\Andrea\AppData\Roaming\Complitly
    Dossier Supprimé : C:\Users\Andrea\AppData\Roaming\WebPlayerBdd
    Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
    Fichier Supprimé : C:\user.js
    Fichier Supprimé : C:\Users\Andrea\Desktop\cacaoweb.exe
    Supprimé au redémarrage : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}

    ***** [Registre] *****

    Clé Supprimée : HKCU\Software\1ClickDownload
    Clé Supprimée : HKCU\Software\AppDataLow\Software\BittorrentBar_FR
    Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
    Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
    Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
    Clé Supprimée : HKCU\Software\AppDataLow\Toolbar
    Clé Supprimée : HKCU\Software\AVG Secure Search
    Clé Supprimée : HKCU\Software\BabylonToolbar
    Clé Supprimée : HKCU\Software\cacaoweb
    Clé Supprimée : HKCU\Software\Complitly
    Clé Supprimée : HKCU\Software\DataMngr
    Clé Supprimée : HKCU\Software\IGearSettings
    Clé Supprimée : HKLM\Software\AVG Secure Search
    Clé Supprimée : HKLM\Software\AVG Security Toolbar
    Clé Supprimée : HKLM\Software\Babylon
    Clé Supprimée : HKLM\Software\BabylonToolbar
    Clé Supprimée : HKLM\Software\BittorrentBar_FR
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Clé Supprimée : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Clé Supprimée : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Clé Supprimée : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\b
    Clé Supprimée : HKLM\SOFTWARE\Classes\Babylon.dskBnd
    Clé Supprimée : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\bbylnApp.appCore
    Clé Supprimée : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Clé Supprimée : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
    Clé Supprimée : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
    Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
    Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
    Clé Supprimée : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Clé Supprimée : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Clé Supprimée : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Clé Supprimée : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2849852
    Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
    Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Clé Supprimée : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Clé Supprimée : HKLM\Software\Conduit
    Clé Supprimée : HKLM\Software\DataMngr
    Clé Supprimée : HKLM\Software\Iminent
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Clé Supprimée : HKLM\Software\SimplyGen
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67A11EBC-1ACB-4CAD-8E02-E952F1CE48FE}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDB43EBD-47AF-4E06-8156-3DDB1FC56CDC}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0924543-15FD-4F3D-889C-0B4562A9CB45}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF79F67A-6AD7-4715-A0F8-932FCA442023}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9937E55B-6331-4804-93EF-77E992F204BD}
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
    Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_FR Toolbar
    Donnée Supprimée : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll
    Donnée Supprimée : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
    Donnée Supprimée : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll
    Donnée Supprimée : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF79F67A-6AD7-4715-A0F8-932FCA442023}]
    Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF79F67A-6AD7-4715-A0F8-932FCA442023}]
    Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EF79F67A-6AD7-4715-A0F8-932FCA442023}]
    Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
    Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}]
    Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF79F67A-6AD7-4715-A0F8-932FCA442023}]
    Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Navigateurs] *****

    -\\ Internet Explorer v9.0.8112.16421

    Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_Prot --> hxxp://www.google.com
    Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://webplayersearch.com/ --> hxxp://www.google.com

    -\\ Mozilla Firefox v20.0.1 (fr)

    Fichier : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\8l77qmym.default-1350828278218\prefs.js

    [OK] Le fichier ne contient aucune entrée illégitime.

    -\\ Google Chrome v26.0.1410.64

    Fichier : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Supprimée [l.31] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
    Supprimée [l.34] : keyword = "isearch.avg.com",
    Supprimée [l.38] : search_url = "hxxp://isearch.avg.com/search?cid={4695BCC1-33D9-43D9-B79B-FF6D8A62939F}&mid=f4[...]

    *************************

    AdwCleaner[S1].txt - [33593 octets] - [18/05/2013 11:28:53]

    ########## EOF - C:\AdwCleaner[S1].txt - [33654 octets] ##########
     
  22. Lainkiller

    Lainkiller TS Rookie Topic Starter Posts: 27

    Can't install Junkware, it says it's not a 64-bit version, and it can't run the function " Windows\system32\cscript.exe "
     
  23. Lainkiller

    Lainkiller TS Rookie Topic Starter Posts: 27

    Can install OTL, but when I start scan it bugs and says incorrect image, Windows\Microsoft.NET\Framework\v2.0.50727.dll can't be executed on Windows or there is an error.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:




    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:



    Go to Step 4 and under "System Restore" click on Create button:



    Go to Start Repairs tab and click Start button.

    Leave all checkmarks as they are.
    NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

    Click on Start button.


    Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
     
  25. Lainkiller

    Lainkiller TS Rookie Topic Starter Posts: 27

    Running Repair Under System Account
    Starting Repairs...
    Start (18.05.2013 19:00:11)

    Reset Registry Permissions 01/03
    HKEY_CURRENT_USER & Sub Keys
    Start (18.05.2013 19:00:11)
    Running Repair Under Current User Account
    Done (18.05.2013 19:00:16)

    Reset Registry Permissions 02/03
    HKEY_LOCAL_MACHINE & Sub Keys
    Start (18.05.2013 19:00:16)
    Running Repair Under System Account
    Done (18.05.2013 19:01:59)

    Reset Registry Permissions 03/03
    HKEY_CLASSES_ROOT & Sub Keys
    Start (18.05.2013 19:01:59)
    Running Repair Under System Account
    Done (18.05.2013 19:02:52)

    Register System Files
    Start (18.05.2013 19:02:52)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:03:15)

    Repair WMI
    Start (18.05.2013 19:03:15)
    Running Repair Under Current User Account
    Commutateur non valide.

    Commutateur non valide.

    Running Repair Under System Account
    Commutateur non valide.

    Commutateur non valide.

    Done (18.05.2013 19:04:38)

    Repair Windows Firewall
    Start (18.05.2013 19:04:38)
    Running Repair Under Current User Account
    Le service Partage de connexion Internet (ICS) n'est pas lancé.

    Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

    Le service Partage de connexion Internet (ICS) n'a pas pu être lancé.

    Le service n'a pas signalé d'erreur.

    Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3534.

    Running Repair Under System Account
    Le service Partage de connexion Internet (ICS) n'est pas lancé.

    Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

    Le service Partage de connexion Internet (ICS) n'a pas pu être lancé.

    Le service n'a pas signalé d'erreur.

    Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3534.

    Done (18.05.2013 19:05:07)

    Repair Internet Explorer
    Start (18.05.2013 19:05:07)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:05:31)

    Repair MDAC/MS Jet
    Start (18.05.2013 19:05:31)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:05:42)

    Repair Hosts File
    Start (18.05.2013 19:05:42)
    Running Repair Under System Account
    Done (18.05.2013 19:05:44)

    Remove Policies Set By Infections
    Start (18.05.2013 19:05:44)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:05:49)

    Repair Icons
    Start (18.05.2013 19:05:49)
    Running Repair Under System Account
    Impossible de trouver C:\Users\Andrea\AppData\Local\IconCache.db.bak
    Impossible de trouver C:\Users\Andrea\AppData\Local\IconCache.db
    Done (18.05.2013 19:05:51)

    Repair Winsock & DNS Cache
    Start (18.05.2013 19:05:51)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:06:10)

    Repair Proxy Settings
    Start (18.05.2013 19:06:10)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:06:15)

    Repair Windows Updates
    Start (18.05.2013 19:06:15)
    Running Repair Under Current User Account
    Le service Windows Update n'est pas lancé.

    Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

    Accès refusé.
    Running Repair Under System Account
    Le service Services de chiffrement n'est pas lancé.

    Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

    Le service Service de transfert intelligent en arrière-plan n'est pas lancé.

    Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

    Le service Windows Update n'est pas lancé.

    Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

    Accès refusé.
    Done (18.05.2013 19:06:42)

    Repair CD/DVD Missing/Not Working
    Start (18.05.2013 19:06:42)
    Done (18.05.2013 19:06:42)

    Repair Volume Shadow Copy Service
    Start (18.05.2013 19:06:42)
    Running Repair Under Current User Account
    Le service Cliché instantané des volumes n'est pas lancé.

    Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

    Le service Fournisseur de cliché instantané de logiciel Microsoft n'est pas lancé.

    Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

    Running Repair Under System Account
    Le service Cliché instantané des volumes n'est pas lancé.

    Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

    Le service Fournisseur de cliché instantané de logiciel Microsoft n'est pas lancé.

    Vous obtiendrez une aide supplémentaire en entrant NET HELPMSG 3521.

    Done (18.05.2013 19:06:47)

    Repair MSI (Windows Installer)
    Start (18.05.2013 19:06:47)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:06:56)

    Repair bat Association
    Start (18.05.2013 19:06:56)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:00)

    Repair cmd Association
    Start (18.05.2013 19:07:00)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:05)

    Repair com Association
    Start (18.05.2013 19:07:05)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:10)

    Repair Directory Association
    Start (18.05.2013 19:07:10)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:14)

    Repair Drive Association
    Start (18.05.2013 19:07:14)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:19)

    Repair exe Association
    Start (18.05.2013 19:07:19)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:24)

    Repair Folder Association
    Start (18.05.2013 19:07:24)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:28)

    Repair inf Association
    Start (18.05.2013 19:07:28)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:33)

    Repair lnk (Shortcuts) Association
    Start (18.05.2013 19:07:33)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:38)

    Repair msc Association
    Start (18.05.2013 19:07:38)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:42)

    Repair reg Association
    Start (18.05.2013 19:07:42)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:47)

    Repair scr Association
    Start (18.05.2013 19:07:47)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:51)

    Repair Windows Safe Mode
    Start (18.05.2013 19:07:52)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:07:56)

    Repair Print Spooler
    Start (18.05.2013 19:07:56)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:08:09)

    Restore Important Windows Services
    Start (18.05.2013 19:08:09)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:08:14)

    Set Windows Services To Default Startup
    Start (18.05.2013 19:08:14)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (18.05.2013 19:08:18)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done (18.05.2013 19:08:18)
    Total Repair Time: 00:08:07


    ...YOU MUST RESTART YOUR SYSTEM...
    Running Repair Under System Account
     

