TechSpot

Sirefef and Windows Defender confirmation

Inactive
By Tamatea
Aug 15, 2012
  1. Hello,
    I've read many thread about sirefef virus.
    I think I have cleaned my computer now. I've scan entierly my computer with Microsoft Security Essential and repaired most of my services (BITS, Windows Update, Firewall ...).

    When I run FSS, I get this report :

    Code:
    Farbar Service Scanner Version: 06-08-2012
    Ran by Tamatea (administrator) on 15-08-2012 at 11:27:53
    Running from "E:\Downloads"
    Microsoft Windows 7 Édition Intégrale  Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
     
    Internet Services:
    ============
     
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
     
     
    Windows Firewall:
    =============
     
    Firewall Disabled Policy:
    ==================
     
     
    System Restore:
    ============
     
    System Restore Disabled Policy:
    ========================
     
     
    Action Center:
    ============
     
    Windows Update:
    ============
     
    Windows Autoupdate Disabled Policy:
    ============================
     
     
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
     
     
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
     
     
    Other Services:
    ==============
     
     
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
     
     
    **** End of log ****
    So my question is : Is it normal that Windows Defender is disabled ? I think it's ok because I use Windows Security Essential but I'm not sure.
    If I try to start it with services.msc I get an error.
    If I try to modify the registry key
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 it tells me that I can't modify it.

    Is it normal ? Can you help me ?

    Regards.
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 5-Step removal instructions and post the logs back here for my review.
     
  3. Tamatea

    Tamatea TS Rookie Topic Starter

    Malwarebytes Report :

    Code:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
     
    Version de la base de données: v2012.08.15.05
     
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Tamatea :: FIXE [limité]
     
    15/08/2012 17:46:08
    mbam-log-2012-08-15 (17-46-08).txt
     
    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 215778
    Temps écoulé: 7 minute(s), 42 seconde(s)
     
    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)
     
    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)
     
    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)
     
    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)
     
    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)
     
    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)
     
    Fichier(s) détecté(s): 1
    C:\Windows\Installer\{2cbffae8-e949-a2a9-3ff4-0d3f88c26bcc}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Mis en quarantaine et supprimé avec succès.
     
    (fin)
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Sorry I did not get back to this. I was waiting for you to post the remaining logs. Let me know if you still need help, and post the logs, please.
     
  5. Tamatea

    Tamatea TS Rookie Topic Starter

    Hello. So here is the GMER.log :

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-20 20:00:07
    Windows 6.1.7601 Service Pack 1
    Running: 21wvg4vy.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x97 0x37 0xAD 0xA6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x04 0x69 0xD1 0xB1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0x08 0x32 0xD0 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x97 0x37 0xAD 0xA6 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x04 0x69 0xD1 0xB1 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8D 0x08 0x32 0xD0 ...

    ---- EOF - GMER 1.0.15 ----

    ----
    ----

    And the DDS.log :

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Tamatea at 20:49:14 on 2012-08-20
    Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.6135.3260 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DFDWiz.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Users\Tamatea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\GMail Notifier Plus\Gmail Notifier Plus.exe
    C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\AMBSpiE.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\NMSAccessU.exe
    C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

    \WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies

    \Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [SkyDrive] "C:\Users\Tamatea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Tamatea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CBC.exe
    StartupFolder: C:\Users\Tamatea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GMAILN~1.LNK - C:\Program Files (x86)\GMail Notifier Plus\Gmail Notifier Plus.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Envoyer à OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: %SystemRoot%\system32\vsocklib.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 208.67.222.222 8.8.8.8 212.27.60.19
    TCP: Interfaces\{8617E464-E47A-4060-9DB2-18629981394E} : DhcpNameServer = 208.67.222.222 8.8.8.8 212.27.60.19
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    {0347C33E-8762-4905-BF09-768834316C61}
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {9FDDE16B-836F-4806-AB1F-1455CBEFF289}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    {DDA57003-0068-4ed2-9D32-4D1EC707D94D}
    {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
    mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(par d‚faut)]
    mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
    Hosts: 74.208.10.249 gs.apple.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tamatea\AppData\Roaming\Mozilla\Firefox\Profiles\apceybz8.default\
    FF - prefs.js: browser.startup.homepage - C:\\Program Files\\EIGHT\\index.htm
    FF - prefs.js: network.proxy.http - 193.131.185.137
    FF - prefs.js: network.proxy.http_port - 3128
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\system32\DRIVERS\nm3.sys --> C:\Windows\system32\DRIVERS\nm3.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]
    R2 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2012-1-20 12800]
    R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2011-2-18 245760]
    R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-22 846448]
    R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-8-22 11837440]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 busenum;Synology Virtual USB Hub;C:\Windows\system32\DRIVERS\busenum.sys --> C:\Windows\system32\DRIVERS\busenum.sys [?]
    R3 MCfilt;MCfilt;C:\Windows\system32\drivers\MCfilt64.sys --> C:\Windows\system32\drivers\MCfilt64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DroidExplorerService;DroidExplorer Service;C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [2012-5-3 253952]
    S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-1 136176]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-3

    79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-3

    79360]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
    S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-1 136176]
    S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    S3 LVUVC64;Logitech QuickCam Ultra Vision(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Inspection du réseau Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
    S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-08-20 18:35:59 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A2D0014C-1364-46C5-9077-5CB8A0B5841B}\mpengine.dll
    2012-08-20 09:17:16 -------- d-----w- C:\Users\Tamatea\AppData\Local\{3D5C4A7F-20C7-490B-97C3-4532E52BDD6B}
    2012-08-19 21:16:53 -------- d-----w- C:\Users\Tamatea\AppData\Local\{84EC5014-CB2D-4584-AA0C-E7148078D669}
    2012-08-19 18:21:30 -------- d-----w- C:\Program Files (x86)\Seagate
    2012-08-19 18:21:07 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-08-19 16:26:46 -------- d-----w- C:\Users\Tamatea\AppData\Roaming\HD Tune Pro
    2012-08-19 16:26:38 -------- d-----w- C:\Program Files (x86)\HD Tune Pro
    2012-08-19 09:16:26 -------- d-----w- C:\Users\Tamatea\AppData\Local\{F20BC410-40CE-4F29-BDD1-12BF8229A2E7}
    2012-08-18 19:43:55 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-18 10:42:05 -------- d-----w- C:\Users\Tamatea\AppData\Local\{E8F01942-78EE-4CC6-8A5E-32669D2F24CD}
    2012-08-18 10:41:54 -------- d-----w- C:\Users\Tamatea\AppData\Local\{C9C2BD43-DB74-4A1C-8D5E-C75A397B30A5}
    2012-08-17 22:41:29 -------- d-----w- C:\Users\Tamatea\AppData\Local\{A2E8BE25-EBEF-43BB-BA53-E547318E2C3E}
    2012-08-17 22:41:19 -------- d-----w- C:\Users\Tamatea\AppData\Local\{8704F03F-2E2E-4CBF-9554-E5BAD7622198}
    2012-08-17 10:49:54 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{17A1A24B-5BEF-4207-84ED-B857761C9648}\gapaengine.dll
    2012-08-17 10:40:35 -------- d-----w- C:\Users\Tamatea\AppData\Local\{1CEC6D59-5713-4272-ADCE-CBF204831210}
    2012-08-17 10:40:18 -------- d-----w- C:\Users\Tamatea\AppData\Local\{963E2771-81FB-4865-A427-F49D40E37B5B}
    2012-08-16 16:45:00 -------- d-----w- C:\Users\Tamatea\AppData\Local\{F721EB86-3FD1-4A2E-A450-35641AFC44E1}
    2012-08-16 16:44:42 -------- d-----w- C:\Users\Tamatea\AppData\Local\{24F4B64E-99D6-4BF0-A223-69A1470639FC}
    2012-08-15 19:46:12 -------- d-----w- C:\Users\Tamatea\AppData\Local\{E8E5E0C1-E29C-4C6B-BC57-500BD685893C}
    2012-08-15 19:46:02 -------- d-----w- C:\Users\Tamatea\AppData\Local\{AA0EF165-D123-4313-A781-15692FE9C156}
    2012-08-15 15:40:39 -------- d-----w- C:\Users\Tamatea\AppData\Roaming\Malwarebytes
    2012-08-15 15:40:24 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-15 15:40:23 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-15 15:40:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-15 09:32:31 -------- d-----w- C:\ProgramData\PreEmptive Solutions
    2012-08-15 09:17:56 -------- d-----w- C:\ProgramData\VS
    2012-08-15 08:54:36 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2012-08-15 08:54:36 109416 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2012-08-15 08:54:36 105832 ----a-w- C:\Windows\System32\SQSRVRES.DLL
    2012-08-15 08:37:14 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-08-15 08:37:14 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-08-15 08:37:14 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-08-15 08:37:12 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-08-15 08:37:12 67072 ----a-w- C:\Windows\splwow64.exe
    2012-08-15 08:37:12 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-08-15 08:37:12 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-08-15 08:37:10 503808 ----a-w- C:\Windows\System32\srcore.dll
    2012-08-15 08:37:10 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2012-08-15 08:37:09 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-08-15 08:37:09 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-08-15 08:36:49 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-15 08:36:39 956928 ----a-w- C:\Windows\System32\localspl.dll
    2012-08-15 07:45:19 -------- d-----w- C:\Users\Tamatea\AppData\Local\{5A3F5528-CFFB-4AEF-9B72-B2BED4C1337F}
    2012-08-15 07:45:09 -------- d-----w- C:\Users\Tamatea\AppData\Local\{07DB3C49-4BD3-47BF-A7E0-6218DCBF7E02}
    2012-08-14 17:53:49 -------- d-----w- C:\Users\Tamatea\AppData\Local\{111ACB8E-A49D-41D9-9250-0D9BB93D9B3A}
    2012-08-14 05:53:25 -------- d-----w- C:\Users\Tamatea\AppData\Local\{B7FDACDA-FAF3-439B-B006-052A58283A3B}
    2012-08-14 05:53:14 -------- d-----w- C:\Users\Tamatea\AppData\Local\{E68F9229-6BF5-4EA4-A291-1FF06772A233}
    2012-08-13 21:20:56 -------- d-----w- C:\Users\Tamatea\AppData\Local\ElevatedDiagnostics
    2012-08-13 18:51:41 328704 ----a-w- C:\Windows\System32\services.exe.63DB934E62EFF59F
    2012-08-13 18:20:30 328704 ----a-w- C:\Windows\System32\services.exe.30797C1BA62ACDDA
    2012-08-13 17:59:27 328704 ----a-w- C:\Windows\System32\services.exe.B3FA10E08783916E
    2012-08-13 17:52:39 -------- d-----w- C:\Users\Tamatea\AppData\Local\{73274FEC-DF88-40E3-A30B-5FD037175E84}
    2012-08-13 17:52:27 -------- d-----w- C:\Users\Tamatea\AppData\Local\{CA42A8DA-1A2E-4A80-90C3-F51B551E5312}
    2012-08-13 17:39:07 50392 ----a-w- C:\Windows\System32\drivers\xkyvivhc.sys
    2012-08-13 09:12:13 -------- d-----w- C:\Users\Tamatea\AppData\Local\{3B8D01AB-CCFF-4B0B-BBAB-63C6B9A92BED}
    2012-08-13 09:11:57 -------- d-----w- C:\Users\Tamatea\AppData\Local\{8096998B-8AD3-42AA-9CBA-36C496E46DA5}
    2012-08-12 21:05:07 -------- d-----w- C:\Users\Tamatea\AppData\Local\{92E87111-712B-429B-9183-AB4F56E72946}
    2012-08-12 21:04:57 -------- d-----w- C:\Users\Tamatea\AppData\Local\{3AB0498D-28C4-4DA7-A929-60E7FEA0E4EA}
    2012-08-12 09:04:16 -------- d-----w- C:\Users\Tamatea\AppData\Local\{71822760-AC5A-4B74-BAEF-B2523CA8438F}
    2012-08-12 09:03:55 -------- d-----w- C:\Users\Tamatea\AppData\Local\{9B8341A8-5A41-4FC7-BA15-A4051B1FADA7}
    2012-08-11 19:31:12 -------- d-----w- C:\Users\Tamatea\AppData\Local\{8DD77EA7-276C-4A93-B561-559D6D1D4EA7}
    2012-08-11 07:30:33 -------- d-----w- C:\Users\Tamatea\AppData\Local\{5E706092-E60F-4C13-87EF-36460616EF10}
    2012-08-11 07:30:16 -------- d-----w- C:\Users\Tamatea\AppData\Local\{659A1306-4D70-4F87-A0D8-0C131303EAA5}
    2012-08-10 13:18:14 -------- d-----w- C:\Users\Tamatea\AppData\Local\{0EF8B86B-880B-4666-A44C-2D4A0A4E704B}
    2012-08-10 13:17:56 -------- d-----w- C:\Users\Tamatea\AppData\Local\{30F8A80E-C8F9-4AAC-A700-CF394D592B18}
    2012-08-09 10:49:09 -------- d-----w- C:\Users\Tamatea\AppData\Local\{D0D8D4D0-8F27-4E8E-8B92-4AD5EDE01F12}
    2012-08-09 10:48:57 -------- d-----w- C:\Users\Tamatea\AppData\Local\{891A2D1E-D251-46CA-80B4-A5F5BFCE4E28}
    2012-08-08 20:39:30 -------- d-----w- C:\Program Files (x86)\Rockstar Games
    2012-08-08 20:23:46 -------- d-----w- C:\ProgramData\Rockstar Games
    2012-08-08 16:51:09 -------- d-----w- C:\Users\Tamatea\AppData\Local\{89EABBF9-38DF-4943-969D-7EF67BD6D23A}
    2012-08-08 16:50:54 -------- d-----w- C:\Users\Tamatea\AppData\Local\{95390A3D-1F74-4BCE-9D4E-93C5AB405FA1}
    2012-08-07 16:45:05 -------- d-----w- C:\Users\Tamatea\AppData\Local\{00F3653A-B908-4D60-A576-7A94923C6663}
    2012-08-07 16:44:46 -------- d-----w- C:\Users\Tamatea\AppData\Local\{CC23B781-56B5-4B79-BCD0-58D1DAA3FE97}
    2012-08-06 22:30:38 -------- d-----w- C:\Users\Tamatea\AppData\Roaming\2BrightSparks
    2012-08-06 22:30:30 71096 ----a-w- C:\Windows\SysWow64\NMSAccessU.exe
    2012-08-06 22:30:30 20480 ----a-w- C:\Windows\SysWow64\SyncBackPro.dll
    2012-08-06 22:30:25 -------- d-----w- C:\Program Files (x86)\2BrightSparks
    2012-08-06 17:01:51 -------- d-----w- C:\Users\Tamatea\AppData\Local\{3F7E828C-0CEC-40AA-9D16-201855D445E1}
    2012-08-06 17:01:38 -------- d-----w- C:\Users\Tamatea\AppData\Local\{B179A22E-6D10-4881-AB20-BA7373F1C939}
    2012-08-05 21:20:33 -------- d-----w- C:\Users\Tamatea\AppData\Local\{46DAD60F-6931-4205-92E5-A1EC44A2CFAB}
    2012-08-05 21:20:22 -------- d-----w- C:\Users\Tamatea\AppData\Local\{A34732EB-182B-49E1-A9FC-78F401C84979}
    2012-08-05 09:19:53 -------- d-----w- C:\Users\Tamatea\AppData\Local\{81DE9FD5-A328-41B3-92BD-070537E170C2}
    2012-08-05 09:19:31 -------- d-----w- C:\Users\Tamatea\AppData\Local\{DA2D52D6-436E-4178-902A-8B135B67C7E2}
    2012-08-04 20:36:30 -------- d-----w- C:\Users\Tamatea\AppData\Local\{53EFF1FE-3514-49A3-B537-B2EBCFBA0A4A}
    2012-08-04 12:29:30 -------- d-----w- C:\Program Files\iPod
    2012-08-04 12:29:29 -------- d-----w- C:\Program Files\iTunes
    2012-08-04 12:29:29 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-08-04 08:35:53 -------- d-----w- C:\Users\Tamatea\AppData\Local\{30D30AB3-1BF0-48BB-9AF4-CBA512116BB3}
    2012-08-04 08:35:30 -------- d-----w- C:\Users\Tamatea\AppData\Local\{D025A491-4D6F-4BE7-BBEE-543424DF3357}
    2012-08-03 16:42:26 -------- d-----w- C:\Users\Tamatea\AppData\Local\{FEF7DE71-A92F-44DB-9997-36F20A194283}
    2012-08-03 16:42:10 -------- d-----w- C:\Users\Tamatea\AppData\Local\{790095B0-6027-4FF6-B18C-111E98010635}
    2012-08-02 16:48:31 -------- d-----w- C:\Users\Tamatea\AppData\Local\{573FA97E-F109-4BA6-A037-FCF069A6797B}
    2012-08-02 16:48:13 -------- d-----w- C:\Users\Tamatea\AppData\Local\{EF76DE5B-512E-4C94-93EF-229249AFCFB5}
    2012-08-01 18:51:20 -------- d-----w- C:\ProgramData\RELOADED
    2012-08-01 17:06:58 -------- d-----w- C:\Users\Tamatea\AppData\Local\{AD3F3045-3896-4FD4-9109-E846966E2984}
    2012-08-01 17:06:29 -------- d-----w- C:\Users\Tamatea\AppData\Local\{642C4E2E-3973-4E06-92E5-29D66BE64A94}
    2012-07-31 21:43:52 -------- d-----w- C:\Users\Tamatea\AppData\Local\{7B183842-29AE-440E-A228-83FBCE30D157}
    2012-07-31 21:43:41 -------- d-----w- C:\Users\Tamatea\AppData\Local\{F33A1060-9323-42D5-9784-1C0C3A8E0548}
    2012-07-31 09:42:58 -------- d-----w- C:\Users\Tamatea\AppData\Local\{EC025EF6-40A9-44DA-B2DE-EA332F2C50CC}
    2012-07-31 09:42:38 -------- d-----w- C:\Users\Tamatea\AppData\Local\{7E4207F9-57D2-49CE-98E4-813FBB51AC30}
    2012-07-30 21:21:31 -------- d-----w- C:\Users\Tamatea\AppData\Local\{C74B69BF-425A-4D02-82C7-1B475652B3D6}
    2012-07-30 09:21:06 -------- d-----w- C:\Users\Tamatea\AppData\Local\{27F69087-64DB-461E-BBEC-B1FEE4E73D89}
    2012-07-30 09:20:54 -------- d-----w- C:\Users\Tamatea\AppData\Local\{3A905736-DA92-4B97-BBD1-D6E55A743675}
    2012-07-29 21:20:32 -------- d-----w- C:\Users\Tamatea\AppData\Local\{91DF907F-357A-447A-A1FB-EA2BC6A52422}
    2012-07-29 21:20:22 -------- d-----w- C:\Users\Tamatea\AppData\Local\{8FAC9651-2CD5-4908-98ED-EBFCE4ED483F}
    2012-07-29 11:47:42 -------- d-----w- C:\Windows\System32\wbem\Framework\root\AddGadgets
    2012-07-29 11:47:42 -------- d-----w- C:\Windows\System32\wbem\Framework\root
    2012-07-29 11:47:42 -------- d-----w- C:\Windows\System32\wbem\Framework
    2012-07-29 11:47:31 -------- d-----w- C:\Program Files (x86)\PCMeter
    2012-07-29 11:19:34 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-07-29 09:19:40 -------- d-----w- C:\Users\Tamatea\AppData\Local\{83AC9495-6D9F-4789-A3C6-871BEEFD29B8}
    2012-07-29 09:19:26 -------- d-----w- C:\Users\Tamatea\AppData\Local\{357BA1B6-648C-439C-B55D-F7F7C03362E5}
    2012-07-28 21:11:31 -------- d-----w- C:\Users\Tamatea\AppData\Local\{7C1E8183-CE33-4368-A32A-5ECE62B4D85E}
    2012-07-28 21:11:20 -------- d-----w- C:\Users\Tamatea\AppData\Local\{F6C07158-229C-422B-80AB-1734F24F5E83}
    2012-07-28 09:10:55 -------- d-----w- C:\Users\Tamatea\AppData\Local\{E87BF5F4-4008-4F22-B4DB-C445E92A5AF2}
    2012-07-28 09:10:33 -------- d-----w- C:\Users\Tamatea\AppData\Local\{0ED95932-6A48-4445-A935-6E4D3EC8D625}
    2012-07-27 21:10:08 -------- d-----w- C:\Users\Tamatea\AppData\Local\{57602E28-EA03-4FCF-B047-2F7A33B92CAA}
    2012-07-27 21:09:58 -------- d-----w- C:\Users\Tamatea\AppData\Local\{C1994864-5A0F-458E-80EA-6EB20DCC3F26}
    2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2012-07-27 09:09:21 -------- d-----w- C:\Users\Tamatea\AppData\Local\{B2B5D8F6-9ACF-4432-9A32-F29C80E3E926}
    2012-07-27 09:09:04 -------- d-----w- C:\Users\Tamatea\AppData\Local\{1CB25542-D5E0-40BE-BA99-B0F3C7AE8212}
    2012-07-26 16:51:32 -------- d-----w- C:\Users\Tamatea\AppData\Local\{00ADDF1D-2FD0-44FC-B451-BBC50A4018EF}
    2012-07-26 16:51:16 -------- d-----w- C:\Users\Tamatea\AppData\Local\{C52C9486-3066-4A78-B948-54ACECF2DA7D}
    2012-07-25 22:22:33 -------- d-----w- C:\Users\Tamatea\AppData\Local\{66221216-B91E-4778-BE14-3437EB5F149B}
    2012-07-25 22:22:23 -------- d-----w- C:\Users\Tamatea\AppData\Local\{2D940A56-4F30-4CB3-8E74-B763170D5B23}
    2012-07-25 10:21:47 -------- d-----w- C:\Users\Tamatea\AppData\Local\{B748B371-74F6-4229-9617-48281954A5EB}
    2012-07-25 10:21:25 -------- d-----w- C:\Users\Tamatea\AppData\Local\{C9919394-787F-487C-96D7-9B4B5C9FA621}
    2012-07-24 19:42:22 -------- d-----w- C:\Users\Tamatea\AppData\Roaming\yWorks
    2012-07-24 14:07:28 -------- d-----w- C:\Users\Tamatea\AppData\Local\{1851D0F9-34DC-48A2-8A92-8352AC3DBD7E}
    2012-07-24 14:07:08 -------- d-----w- C:\Users\Tamatea\AppData\Local\{425AABF1-5E26-42DF-B730-8DA7FACF7D9D}
    2012-07-23 20:34:11 -------- d-----w- C:\Users\Tamatea\AppData\Local\{866BE32B-17D8-4FCC-804F-C6FFEC90F4AA}
    2012-07-23 20:34:00 -------- d-----w- C:\Users\Tamatea\AppData\Local\{8CF21CBB-C63E-4072-8E0B-98065225B97F}
    2012-07-23 08:33:18 -------- d-----w- C:\Users\Tamatea\AppData\Local\{6532DB9B-E394-4AF3-A703-DC853B057560}
    2012-07-23 08:33:03 -------- d-----w- C:\Users\Tamatea\AppData\Local\{20809EE2-A534-4F0C-86D9-26D497165694}
    2012-07-22 11:17:42 -------- d-----w- C:\Users\Tamatea\AppData\Local\{1FA54B08-00DD-4BF8-8102-95941E7B7230}
    2012-07-22 11:17:31 -------- d-----w- C:\Users\Tamatea\AppData\Local\{1D815563-0958-4333-ADC8-4A3362904F7C}
    2012-07-21 23:17:06 -------- d-----w- C:\Users\Tamatea\AppData\Local\{DF2BFAB2-592C-4967-BBAC-DF02198BA311}
    .
    ==================== Find3M ====================
    .
    2012-08-17 12:40:01 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-08-17 12:40:01 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-08-17 12:39:44 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-08-15 07:51:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 07:51:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-10 10:27:17 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
    2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-06-11 11:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-06-11 11:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-06-11 11:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-06-11 11:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-06-11 11:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-06-11 11:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-06-11 11:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-31 10:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 20:49:45,29 ===============
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  7. Tamatea

    Tamatea TS Rookie Topic Starter

    Here is the log :

    ComboFix 12-08-21.01 - Tamatea 21/08/2012 21:37:47.1.8 - x64
    Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.6135.4123 [GMT 2:00]
    Lancé depuis: e:\downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Tamatea\AppData\Local\assembly\tmp
    c:\users\Tamatea\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
    c:\windows\SysWow64\muzapp.exe
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-07-21 au 2012-08-21 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-08-21 19:42 . 2012-08-21 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-21 16:57 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD67A6EE-C3C5-4BC2-BF0E-AE66F271DA5D}\mpengine.dll
    2012-08-20 18:35 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-19 18:21 . 2012-08-19 18:21 -------- d-----w- c:\program files (x86)\Seagate
    2012-08-19 18:21 . 2012-08-19 18:21 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-08-19 16:26 . 2012-08-19 16:27 -------- d-----w- c:\users\Tamatea\AppData\Roaming\HD Tune Pro
    2012-08-19 16:26 . 2012-08-19 16:26 -------- d-----w- c:\program files (x86)\HD Tune Pro
    2012-08-17 10:49 . 2012-08-17 10:49 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{17A1A24B-5BEF-4207-84ED-B857761C9648}\gapaengine.dll
    2012-08-15 15:40 . 2012-08-15 15:40 -------- d-----w- c:\users\Tamatea\AppData\Roaming\Malwarebytes
    2012-08-15 15:40 . 2012-08-15 15:40 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-15 15:40 . 2012-08-15 15:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-15 15:40 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-15 09:32 . 2012-08-15 09:32 -------- d-----w- c:\programdata\PreEmptive Solutions
    2012-08-15 09:17 . 2012-08-15 09:17 -------- d-----w- c:\programdata\VS
    2012-08-15 08:54 . 2011-09-22 19:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
    2012-08-15 08:54 . 2011-09-22 19:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2012-08-15 08:54 . 2011-09-22 15:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
    2012-08-15 08:51 . 2012-08-15 08:51 -------- d-----w- c:\program files\Microsoft.NET
    2012-08-15 08:37 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-08-15 08:37 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 08:37 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 08:37 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-08-15 08:37 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-15 08:37 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2012-08-15 08:37 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2012-08-15 08:37 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2012-08-15 08:37 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2012-08-15 08:37 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2012-08-15 08:37 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-08-15 08:37 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-08-15 08:36 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 08:36 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2012-08-13 21:20 . 2012-08-13 21:20 -------- d-----w- c:\users\Tamatea\AppData\Local\ElevatedDiagnostics
    2012-08-13 18:51 . 2012-08-13 18:51 328704 ----a-w- c:\windows\system32\services.exe.63DB934E62EFF59F
    2012-08-13 18:20 . 2012-08-13 18:20 328704 ----a-w- c:\windows\system32\services.exe.30797C1BA62ACDDA
    2012-08-13 17:59 . 2012-08-13 17:59 328704 ----a-w- c:\windows\system32\services.exe.B3FA10E08783916E
    2012-08-13 17:39 . 2012-08-13 17:39 50392 ----a-w- c:\windows\system32\drivers\xkyvivhc.sys
    2012-08-08 20:39 . 2012-08-08 20:39 -------- d-----w- c:\program files (x86)\Rockstar Games
    2012-08-08 20:23 . 2012-08-13 18:45 -------- d-----w- c:\programdata\Rockstar Games
    2012-08-06 22:30 . 2012-08-06 22:30 -------- d-----w- c:\users\Tamatea\AppData\Roaming\2BrightSparks
    2012-08-06 22:30 . 2011-05-31 17:03 20480 ----a-w- c:\windows\SysWow64\SyncBackPro.dll
    2012-08-06 22:30 . 2009-01-12 06:15 71096 ----a-w- c:\windows\SysWow64\NMSAccessU.exe
    2012-08-06 22:30 . 2012-08-06 22:30 -------- d-----w- c:\program files (x86)\2BrightSparks
    2012-08-04 12:29 . 2012-08-04 12:29 -------- d-----w- c:\program files\iPod
    2012-08-04 12:29 . 2012-08-04 12:30 -------- d-----w- c:\program files\iTunes
    2012-08-04 12:29 . 2012-08-04 12:30 -------- d-----w- c:\program files (x86)\iTunes
    2012-08-01 18:51 . 2012-08-01 18:51 -------- d-----w- c:\programdata\RELOADED
    2012-07-29 11:47 . 2012-07-29 11:47 -------- d-----w- c:\windows\system32\wbem\Framework
    2012-07-29 11:20 . 2012-07-29 11:20 -------- d-----w- c:\programdata\ATI
    2012-07-29 11:19 . 2012-07-29 11:19 -------- d-----w- c:\program files (x86)\AMD APP
    2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2012-07-24 19:42 . 2012-07-24 19:42 -------- d-----w- c:\users\Tamatea\AppData\Roaming\yWorks
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-17 12:40 . 2012-06-27 13:21 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-08-17 12:40 . 2012-06-27 12:32 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-08-17 12:39 . 2012-06-27 12:32 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-08-16 17:07 . 2011-12-12 21:53 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-08-15 08:43 . 2011-10-01 18:35 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-15 07:51 . 2012-03-29 17:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 07:51 . 2011-10-01 19:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-10 10:27 . 2012-06-27 12:32 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-06-28 20:07 . 2012-06-28 20:07 1867264 ----a-r- c:\users\Tamatea\AppData\Roaming\Microsoft\Installer\{9F126482-0865-4369-9D54-F015356C5519}\AppIcon.exe
    2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
    2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
    2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-06-11 17:24 . 2011-09-08 17:34 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-06-11 17:23 . 2011-09-08 17:32 1090560 ----a-w- c:\windows\system32\aticfx64.dll
    2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
    2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16 . 2011-09-08 17:24 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-06-11 17:01 . 2011-09-08 17:16 6914560 ----a-w- c:\windows\system32\atidxx64.dll
    2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-06-11 16:45 . 2011-09-08 17:05 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-06-11 16:43 . 2011-09-08 17:08 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
    2012-06-11 16:27 . 2011-09-08 16:53 539136 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-06-11 16:25 . 2011-09-08 16:52 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-06-11 16:25 . 2011-09-08 16:51 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-06-11 16:24 . 2011-09-08 16:51 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
    2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-06-10 14:44 . 2012-06-10 14:44 119808 ----a-r- c:\users\Tamatea\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2012-06-09 05:43 . 2012-07-11 18:52 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-11 18:52 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 18:52 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 18:52 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 18:52 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 18:52 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 18:52 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 16:56 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 16:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 16:57 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 16:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 16:56 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 16:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 16:56 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-21 16:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-21 16:56 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 05:50 . 2012-07-11 18:52 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 18:52 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 18:52 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 18:52 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 18:52 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 18:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 18:52 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 18:52 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 18:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-05-31 10:25 . 2011-10-01 17:20 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-08-17 17:53 220608 ----a-w- c:\users\Tamatea\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-08-17 17:53 220608 ----a-w- c:\users\Tamatea\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-08-17 17:53 220608 ----a-w- c:\users\Tamatea\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2009-12-10 11653120]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
    "SkyDrive"="c:\users\Tamatea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-08-17 238528]
    "DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2011-08-30 112400]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-09-17 1310720]
    "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    c:\users\Tamatea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Gmail Notifier Plus.lnk - c:\program files (x86)\GMail Notifier Plus\Gmail Notifier Plus.exe [2012-1-3 1037824]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [2012-05-03 253952]
    R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-01 136176]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-03 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-03 79360]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-01 136176]
    R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
    R3 LVUVC64;Logitech QuickCam Ultra Vision(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-29 117520]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-01 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 X6va005;X6va005;c:\users\Tamatea\AppData\Local\Temp\0054A30.tmp [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-03 272448]
    S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 46392]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
    S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]
    S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [2011-02-10 12800]
    S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [2011-02-18 245760]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-21 846448]
    S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
    S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2011-02-18 56160]
    S3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt64.sys [2009-09-17 25600]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57066cb8-1d9b-11e1-bd21-005056c00008}]
    \shell\AutoRun\command - G:\Setup.exe
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-01 21:54]
    .
    2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-01 21:54]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-08-17 17:53 244672 ----a-w- c:\users\Tamatea\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-08-17 17:53 244672 ----a-w- c:\users\Tamatea\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-08-17 17:53 244672 ----a-w- c:\users\Tamatea\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2009-12-10 01:41 140288 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2009-12-10 01:41 140288 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2009-12-10 01:41 140288 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2009-12-10 01:41 140288 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bing.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    LSP: %SystemRoot%\system32\vsocklib.dll
    TCP: DhcpNameServer = 208.67.222.222 8.8.8.8 212.27.60.19
    FF - ProfilePath - c:\users\Tamatea\AppData\Roaming\Mozilla\Firefox\Profiles\apceybz8.default\
    FF - prefs.js: browser.startup.homepage - c:\\Program Files\\EIGHT\\index.htm
    FF - prefs.js: network.proxy.http - 193.131.185.137
    FF - prefs.js: network.proxy.http_port - 3128
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    AddRemove-Alan Wake_is1 - d:\remedy entertainment\Alan Wake\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Tamatea\AppData\Local\Temp\0054A30.tmp"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_USERS\S-1-5-21-1487241502-1899819265-514973780-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-1487241502-1899819265-514973780-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Outlook.File.eml.14"
    .
    [HKEY_USERS\S-1-5-21-1487241502-1899819265-514973780-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (S-1-5-21-1487241502-1899819265-514973780-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Outlook.File.vcf.14"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\NMSAccessU.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-08-21 21:51:25 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-08-21 19:51
    .
    Avant-CF: 221 066 489 856 octets libres
    Après-CF: 226 483 871 744 octets libres
    .
    - - End Of File - - 5DA1E645915C8E97AB1AFE1A467B53DC
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.


    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     
  10. Tamatea

    Tamatea TS Rookie Topic Starter

    Hello,
    I have a problem with my internet connection :'( No Internet at home. Is it possible to wait for the report ?
     
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. How is the computer running overall?
     
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.