Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Svchost infected ?


  • This topic is locked This topic is locked
13 replies to this topic

#1 jargot

jargot

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 07 May 2013 - 07:32 PM

Hi,

I've been having some very short yet frequent lag spikes recently, noticed through online playing. At first, I thought it was a problem with my ISP, but I found out through NetLimiter that svchost.exe had been downloading and uploading data sporadically [screenshot] every day. I also ran an HijackThis which returned numerous problems with svchost.exe and following that I installed Avast, did a full scan which returned no results. Following that, I also installed MalwareBytes, full scan, which also found no hits. After that, I did a ComboFix (sorry, should have read the rules better) and then another HijackThis to see if the problem was solved; unfortunately, the log shows it's not.

The only "fix" I found is to use NetLimiter to limit my svchost bandwidth to 1kbps, although I'm aware that it's only a workaround, and I'd prefer to be as virus free as possible...

Thanks for taking a look in my problem :)





DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.21.2
Run by Adm at 2:14:31 on 2013-05-08
Microsoft Windows 7 Édition Intégrale   6.1.7601.1.1252.33.1036.18.4079.1259 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Bluestork BS-WN-USB\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Bluestork BS-WN-USB\11n USB Wireless LAN Utility\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Users\Adm\Local Settings\Apps\F.lux\flux.exe
C:\Users\Adm\AppData\Local\Audiogalaxy\Audiogalaxy.exe
C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Adm\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\RemotelessHelper\RemotelessHelper.exe
C:\Users\Adm\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Adm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Adm\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
C:\Users\Adm\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
C:\Program Files (x86)\Logitech\G930\G930.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Adm\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\notepad.exe
C:\Users\Adm\Desktop\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [F.lux] "C:\Users\Adm\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Audiogalaxy] "C:\Users\Adm\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup
uRun: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Wunderlist] "C:\Users\Adm\AppData\Local\Apps\2.0\31381JEX.6Q6\48V81EQJ.8KC\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe" /silent
uRun: [MusicManager] "C:\Users\Adm\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [RemotelessHelper] "C:\Program Files (x86)\RemotelessHelper\RemotelessHelper.exe"
uRun: [SkyDrive] "C:\Users\Adm\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Spotify Web Helper] "C:\Users\Adm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Adm\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Adm\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Adm\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Adm\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Adm\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
StartupFolder: C:\Users\Adm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms
StartupFolder: C:\Users\Adm\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TALKTO~2.LNK - C:\Users\Adm\AppData\Roaming\Talk.to\Launch.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Capture la sélection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Capturer cette page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Capturer l'URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\Adm\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: Nouvelle note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Remplissage de Formulaire LastPass - C:\Users\Adm\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 212.27.40.240 212.27.40.241
TCP: Interfaces\{1F482F1A-C9ED-4666-8A1A-8D57AABE5233} : DHCPNameServer = 212.27.40.240 212.27.40.241
TCP: Interfaces\{1F482F1A-C9ED-4666-8A1A-8D57AABE5233}\14E64627F696460284F6473707F64773338343 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{1F482F1A-C9ED-4666-8A1A-8D57AABE5233}\45865654D6F67596473686 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{1F482F1A-C9ED-4666-8A1A-8D57AABE5233}\6627565626F687F55344D4 : DHCPNameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{2B3989CE-560C-45C4-8CAE-6A00850D9655} : DHCPNameServer = 212.27.40.240 212.27.40.241
TCP: Interfaces\{460D50BC-6744-41EE-9FF7-30F031D3160B} : DHCPNameServer = 212.27.40.240 212.27.40.241
TCP: Interfaces\{7D49E2CB-2240-4433-945A-428B6BFE75D1} : DHCPNameServer = 212.27.40.240 212.27.40.241
TCP: Interfaces\{82958132-A478-4E60-A0D5-8B5EE181F5B9} : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{84917905-2E59-4015-9646-0206777F1CE3} : DHCPNameServer = 212.27.40.241 212.27.40.240
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Adm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-03-22 20:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-22 20:36; support@lastpass.com; C:\Users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\support@lastpass.com
FF - ExtSQL: 2013-03-24 20:32; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF - ExtSQL: 2013-03-26 21:19; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-04-08 20:23; firefox@mega.co.nz; C:\Users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\firefox@mega.co.nz.xpi
FF - ExtSQL: 2013-04-14 13:41; en-US@dictionaries.addons.mozilla.org; C:\Users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\en-US@dictionaries.addons.mozilla.org
FF - ExtSQL: 2013-04-18 20:11; firebug@software.joehewitt.com; C:\Users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-05-06 14:34; jid1-4P0kohSJxU1qGg@jetpack; C:\Users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\jid1-4P0kohSJxU1qGg@jetpack.xpi
FF - ExtSQL: 2013-05-07 20:21; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-7 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-7 189936]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-11-11 56208]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-11-10 15368]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-7 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-7 378432]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-10 283200]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-11-10 15936]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-7 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-7 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-7 46808]
R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\Bluestork BS-WN-USB\11n USB Wireless LAN Utility\RtlService.exe [2012-11-15 36864]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-10 2656280]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2013-2-19 101376]
R3 LADF_BakerCOnly;BakerC Filter Driver;C:\Windows\System32\drivers\ladfBakerCamd64.sys [2011-3-18 410184]
R3 LADF_BakerROnly;BakerR Filter Driver;C:\Windows\System32\drivers\ladfBakerRamd64.sys [2011-3-18 335688]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-5-6 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 NLNdisMP;NLNdisMP;C:\Windows\System32\drivers\nlndis.sys [2011-3-21 33416]
R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2013-4-30 15360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-10 344680]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-11-10 79360]
S2 AIPS;Arp Intelligent Protection Service;C:\Program Files (x86)\netcut\services\aips.exe [2013-2-2 262144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-7 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-7 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2013-4-30 36256]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-10 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-11-10 79360]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2012-11-10 31808]
S3 IntcDAud;Son Intel® pour écrans;C:\Windows\System32\drivers\IntcDAud.sys [2012-11-10 317440]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-7 25928]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\System32\drivers\nlndis.sys [2011-3-21 33416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-10 20992]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
S3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;C:\Windows\System32\drivers\RTL8187B.sys [2009-6-10 416768]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtwlanu.sys [2012-11-15 1045608]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-15 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-10 1255736]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-05-07 23:57:51 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-07 23:44:36 98816 ----a-w- C:\Windows\sed.exe
2013-05-07 23:44:36 256000 ----a-w- C:\Windows\PEV.exe
2013-05-07 23:44:36 208896 ----a-w- C:\Windows\MBR.exe
2013-05-07 23:44:32 -------- d-----w- C:\ComboFix
2013-05-07 20:34:35 -------- d-----w- C:\Users\Adm\AppData\Roaming\Malwarebytes
2013-05-07 20:34:09 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-07 20:34:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-07 20:34:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-07 18:22:37 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-07 18:22:35 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-07 18:22:34 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-07 18:22:30 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-07 18:22:19 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-07 18:21:34 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-07 18:21:19 -------- d-----w- C:\Program Files\AVAST Software
2013-05-07 18:20:17 -------- d-----w- C:\ProgramData\AVAST Software
2013-05-07 14:31:34 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CDBA5C0-E083-454E-87CE-16250909BCE9}\mpengine.dll
2013-05-05 22:35:03 -------- d-----w- C:\Users\Adm\AppData\Roaming\ManyCam
2013-05-05 22:35:03 -------- d-----w- C:\Users\Adm\AppData\Local\ManyCam
2013-05-05 22:35:03 -------- d-----w- C:\ProgramData\ManyCam
2013-05-05 22:35:01 44928 ----a-w- C:\Windows\System32\drivers\mcvidrv_x64.sys
2013-05-05 22:33:57 -------- d-----w- C:\Program Files (x86)\ManyCam
2013-05-05 22:26:52 -------- d-----w- C:\Program Files (x86)\wLite
2013-05-03 11:27:00 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2013-05-03 09:55:48 -------- d-----w- C:\Users\Adm\.ssh
2013-05-03 09:54:55 -------- d-----w- C:\Users\Adm\AppData\Roaming\GitHub
2013-05-03 09:54:50 -------- d-----w- C:\Users\Adm\AppData\Local\GitHub
2013-05-03 09:45:30 -------- d-----w- C:\Program Files (x86)\Git
2013-05-02 20:42:11 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-01 02:50:53 -------- d-----w- C:\Users\Adm\AppData\Local\Western Digital
2013-04-30 14:28:41 -------- d-----w- C:\Google Nexus 4 ToolKit
2013-04-30 13:17:13 36256 ----a-w- C:\Windows\System32\drivers\androidusb.sys
2013-04-30 13:17:13 15360 ----a-w- C:\Windows\System32\drivers\pneteth.sys
2013-04-30 13:17:12 -------- d-----w- C:\Program Files (x86)\PdaNet for Android
2013-04-29 16:51:00 -------- d-----w- C:\Users\Adm\.android
2013-04-29 16:47:23 -------- d-----w- C:\adt-bundle-windows-x86_64-20130219
2013-04-28 07:17:26 -------- d-----w- C:\ProgramData\CCP
2013-04-28 02:07:00 -------- d-----w- C:\Program Files (x86)\CCP
2013-04-27 20:08:18 -------- d-----w- C:\Users\Adm\AppData\Local\CCP
2013-04-27 08:17:12 -------- d-----w- C:\Users\Adm\AppData\Roaming\Sublime Text 2
2013-04-26 23:59:15 -------- d-----w- C:\Program Files\Sublime Text 2
2013-04-24 11:40:18 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-18 12:45:51 -------- d-----w- C:\Program Files\TAP-Windows
2013-04-18 08:47:34 -------- d-----w- C:\Users\Adm\AppData\Roaming\Actual Tools
2013-04-18 08:47:01 -------- d-----w- C:\Program Files (x86)\Actual Multiple Monitors
2013-04-15 14:54:02 -------- d-----w- C:\Users\Adm\AppData\Local\Downloaded Installations
2013-04-14 09:10:07 -------- d-----w- C:\Users\Adm\AppData\Local\6_Wunderkinder_GmbH
2013-04-13 16:50:24 178688 ----a-w- C:\Windows\SysWow64\unrar.dll
2013-04-13 16:50:22 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2013-04-12 21:18:07 -------- d-----w- C:\Program Files\OpenVPN
2013-04-12 21:10:52 -------- d-----w- C:\Program Files (x86)\WinSCP
2013-04-11 01:01:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2013-04-10 19:42:00 -------- d-----w- C:\ProgramData\xml_param
2013-04-10 19:39:40 -------- d-----w- C:\Users\Adm\AppData\Roaming\Wondershare Video Converter Ultimate
2013-04-10 19:39:39 -------- d-----w- C:\Users\Adm\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2013-04-10 19:39:21 -------- d-----w- C:\Users\Adm\AppData\Local\Wondershare
2013-04-10 19:39:21 -------- d-----w- C:\Program Files\Common Files\Wondershare
2013-04-10 19:38:56 727952 ----a-w- C:\Windows\SysWow64\WSCM64.dll
2013-04-10 19:38:56 153088 ----a-w- C:\Windows\SysWow64\WSCM32.dll
2013-04-10 19:38:52 -------- d-----w- C:\ProgramData\Wondershare Video Converter Ultimate
2013-04-10 19:38:49 -------- d-----w- C:\Program Files (x86)\Wondershare
2013-04-08 18:51:54 -------- d-----w- C:\Program Files\AutoHotkey
.
==================== Find3M  ====================
.
2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-23 12:38:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 12:38:56 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-19 13:37:40 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-04-19 13:37:40 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-04-08 18:30:28 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-03-22 19:36:33 14823424 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-03-21 16:32:28 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-21 16:32:28 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-03-14 20:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-03-09 18:29:57 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-19 17:33:44 101376 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-08 14:45:38 36736 ----a-w- C:\Windows\System32\drivers\tap0901.sys
.
============= FINISH:  2:14:46,52 ===============
 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 AM

Posted 11 May 2013 - 08:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#3 jargot

jargot
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 12 May 2013 - 07:08 AM

Chekup.txt :



 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.169  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (20.0.1) 
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: = 
````````````````````End of Log`````````````````````` 
 

AdwCleaner[S1].txt :



# AdwCleaner v2.300 - Rapport créé le 12/05/2013 à 13:32:06
# Mis à jour le 28/04/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : Adm - ORDI-JEROME
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Adm\Desktop\adwcleaner.exe
# Option [Suppression]
 
 
***** [Services] *****
 
 
***** [Fichiers / Dossiers] *****
 
Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\DeviceVM
Dossier Supprimé : C:\Users\Adm\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\Adm\AppData\Roaming\DeviceVM
Dossier Supprimé : C:\Users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\jetpack
 
***** [Registre] *****
 
Clé Supprimée : HKCU\Software\APN PIP
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Supprimée : HKLM\Software\PIP
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
***** [Navigateurs] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Le registre ne contient aucune entrée illégitime.
 
-\\ Mozilla Firefox v20.0.1 (fr)
 
Fichier : C:\Users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\prefs.js
 
[OK] Le fichier ne contient aucune entrée illégitime.
 
-\\ Google Chrome v26.0.1410.64
 
Fichier : C:\Users\Adm\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] Le fichier ne contient aucune entrée illégitime.
 
*************************
 
AdwCleaner[S1].txt - [2245 octets] - [12/05/2013 13:32:06]
 
########## EOF - C:\AdwCleaner[S1].txt - [2305 octets] ##########
 

ComboFix log.txt:

 

 

ComboFix 13-05-12.01 - Adm 12/05/2013  13:44:20.2.4 - x64
Microsoft Windows 7 Édition Intégrale   6.1.7601.1.1252.33.1036.18.4079.2154 [GMT 2:00]
Lancé depuis: c:\users\Adm\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Adm\AppData\Local\Temp\ammemb.dll
c:\users\Adm\AppData\Local\Temp\ammemb64.dll
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM3236.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM3563.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM393C.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM3E6E.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM40F0.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM4507.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM47E6.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM4B23.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM4D66.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM4F9A.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM5160.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM5374.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM555A.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM57CC.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM5A5D.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM5F30.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM61F0.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM6491.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM6751.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM6A5F.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM6E09.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM6FEE.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM728F.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM759E.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM785E.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM7A24.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM7D13.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM7F76.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM8284.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM8A81.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM8D70.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM9011.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM930F.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM95CF.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM97C4.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM9C39.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEM9FE3.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEMA37E.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEMA4F6.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEMAB7D.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEMAEE9.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEMB560.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEMBD31.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEMBFE2.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEMC32E.tmp
c:\users\Adm\AppData\Local\Temp\XTMP1MC3VE\DEMC552.tmp
c:\users\Adm\AppData\Local\Temp\YTMP7MC8AA\TAA3A09.tmp
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2013-04-12 au 2013-05-12  ))))))))))))))))))))))))))))))))))))
.
.
2013-05-12 11:53 . 2013-05-12 11:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-12 11:53 . 2013-05-12 11:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-07 20:34 . 2013-05-07 20:34 -------- d-----w- c:\users\Adm\AppData\Roaming\Malwarebytes
2013-05-07 20:34 . 2013-05-07 20:34 -------- d-----w- c:\programdata\Malwarebytes
2013-05-07 20:34 . 2013-05-07 20:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-07 20:34 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-07 18:22 . 2013-05-01 23:34 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-07 18:22 . 2013-05-01 23:34 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-07 18:22 . 2013-05-01 23:34 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-07 18:22 . 2013-05-01 23:34 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-07 18:22 . 2013-05-01 23:34 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-07 18:22 . 2013-05-02 15:44 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-07 18:22 . 2013-05-01 23:34 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-07 18:22 . 2013-05-01 23:34 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-07 18:22 . 2013-05-01 23:33 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-07 18:21 . 2013-05-01 23:33 41664 ----a-w- c:\windows\avastSS.scr
2013-05-07 18:21 . 2013-05-07 18:21 -------- d-----w- c:\program files\AVAST Software
2013-05-07 18:20 . 2013-05-07 18:21 -------- d-----w- c:\programdata\AVAST Software
2013-05-05 22:35 . 2013-05-05 22:36 -------- d-----w- c:\users\Adm\AppData\Roaming\ManyCam
2013-05-05 22:35 . 2013-05-05 22:36 -------- d-----w- c:\users\Adm\AppData\Local\ManyCam
2013-05-05 22:35 . 2013-05-05 22:35 -------- d-----w- c:\programdata\ManyCam
2013-05-05 22:35 . 2012-10-11 03:08 44928 ----a-w- c:\windows\system32\drivers\mcvidrv_x64.sys
2013-05-05 22:33 . 2013-05-05 22:35 -------- d-----w- c:\program files (x86)\ManyCam
2013-05-05 22:26 . 2013-05-05 22:26 -------- d-----w- c:\program files (x86)\wLite
2013-05-03 11:27 . 2013-05-03 11:27 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-05-03 09:55 . 2013-05-03 09:55 -------- d-----w- c:\users\Adm\.ssh
2013-05-03 09:54 . 2013-05-03 09:54 -------- d-----w- c:\users\Adm\AppData\Roaming\GitHub
2013-05-03 09:54 . 2013-05-03 10:09 -------- d-----w- c:\users\Adm\AppData\Local\GitHub
2013-05-03 09:45 . 2013-05-03 09:45 -------- d-----w- c:\program files (x86)\Git
2013-05-02 20:43 . 2013-05-02 20:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-02 20:42 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-01 02:50 . 2013-05-01 02:50 -------- d-----w- c:\users\Adm\AppData\Local\Western Digital
2013-04-30 14:28 . 2013-04-30 15:35 -------- d-----w- C:\Google Nexus 4 ToolKit
2013-04-30 13:17 . 2011-11-24 23:25 15360 ----a-w- c:\windows\system32\drivers\pneteth.sys
2013-04-30 13:17 . 2009-11-13 22:05 36256 ----a-w- c:\windows\system32\drivers\androidusb.sys
2013-04-30 13:17 . 2013-04-30 13:17 -------- d-----w- c:\program files (x86)\PdaNet for Android
2013-04-29 16:51 . 2013-04-30 13:37 -------- d-----w- c:\users\Adm\.android
2013-04-29 16:47 . 2013-04-29 16:48 -------- d-----w- C:\adt-bundle-windows-x86_64-20130219
2013-04-28 07:17 . 2013-04-28 07:17 -------- d-----w- c:\programdata\CCP
2013-04-28 02:07 . 2013-04-28 02:07 -------- d-----w- c:\program files (x86)\CCP
2013-04-27 20:08 . 2013-04-27 20:08 -------- d-----w- c:\users\Adm\AppData\Local\CCP
2013-04-27 08:17 . 2013-04-27 12:37 -------- d-----w- c:\users\Adm\AppData\Roaming\Sublime Text 2
2013-04-26 23:59 . 2013-04-27 08:17 -------- d-----w- c:\program files\Sublime Text 2
2013-04-24 11:40 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-18 12:45 . 2013-04-18 12:45 -------- d-----w- c:\program files\TAP-Windows
2013-04-18 08:47 . 2013-04-18 08:47 -------- d-----w- c:\users\Adm\AppData\Roaming\Actual Tools
2013-04-18 08:47 . 2013-04-18 08:47 -------- d-----w- c:\program files (x86)\Actual Multiple Monitors
2013-04-15 14:55 . 2013-04-15 15:01 -------- d-----w- c:\program files (x86)\Logitech
2013-04-15 14:54 . 2013-04-15 15:00 -------- d-----w- c:\users\Adm\AppData\Local\Downloaded Installations
2013-04-14 09:10 . 2013-04-14 09:10 -------- d-----w- c:\users\Adm\AppData\Local\6_Wunderkinder_GmbH
2013-04-13 16:50 . 2012-06-09 18:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll
2013-04-13 16:50 . 2013-04-13 16:50 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2013-04-13 09:19 . 2013-04-13 09:19 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-12 21:18 . 2013-05-04 12:38 -------- d-----w- c:\program files\OpenVPN
2013-04-12 21:10 . 2013-04-12 21:10 -------- d-----w- c:\program files (x86)\WinSCP
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2012-11-10 14:15 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-23 12:38 . 2013-01-13 10:10 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 12:38 . 2013-01-13 10:10 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-19 13:37 . 2012-11-26 13:15 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-04-19 13:37 . 2012-11-15 19:31 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-04-11 01:02 . 2012-11-10 15:57 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-10 03:46 . 2013-05-07 14:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CDBA5C0-E083-454E-87CE-16250909BCE9}\mpengine.dll
2013-04-08 18:30 . 2012-11-15 19:31 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-04-01 09:03 . 2013-04-10 19:38 727952 ----a-w- c:\windows\SysWow64\WSCM64.dll
2013-04-01 09:03 . 2013-04-10 19:38 153088 ----a-w- c:\windows\SysWow64\WSCM32.dll
2013-03-22 19:36 . 2013-03-22 19:36 14823424 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2013-03-21 16:32 . 2012-11-17 15:01 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-21 16:32 . 2012-11-17 15:01 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 06:54 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 06:54 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 06:54 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 06:54 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 06:54 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 06:54 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-15 05:53 . 2013-01-14 10:32 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2012-11-17 15:34 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-03-15 05:53 . 2012-11-17 15:34 2864144 ----a-w- c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-11-17 15:34 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2012-11-17 15:34 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2012-11-17 15:34 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-03-15 04:16 . 2012-11-17 15:34 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-11-17 15:34 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-11-17 15:34 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-11-17 15:34 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-11-17 15:34 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-03-15 04:16 . 2012-11-17 15:34 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-14 20:07 . 2013-03-14 20:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-03-13 16:24 . 2012-11-17 15:34 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-03-09 18:29 . 2012-11-15 19:31 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-03-01 03:36 . 2013-04-10 06:54 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-19 17:33 . 2013-02-19 17:33 101376 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2013-02-15 06:08 . 2013-04-10 06:54 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 06:54 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 06:54 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 06:54 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 06:54 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 06:54 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-02-12 05:45 . 2013-03-14 13:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 13:28 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 13:28 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 13:28 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 13:28 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 13:28 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 21:06 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-18 20:14 222808 ----a-w- c:\users\Adm\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-18 20:14 222808 ----a-w- c:\users\Adm\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-18 20:14 222808 ----a-w- c:\users\Adm\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Adm\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Adm\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Adm\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Adm\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"F.lux"="c:\users\Adm\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Audiogalaxy"="c:\users\Adm\AppData\Local\Audiogalaxy\Audiogalaxy.exe" [2012-11-12 2958976]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2012-07-19 4935112]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-01-10 288048]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Wunderlist"="c:\users\Adm\AppData\Local\Apps\2.0\31381JEX.6Q6\48V81EQJ.8KC\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe" [2013-04-13 6924288]
"MusicManager"="c:\users\Adm\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-04-23 7331840]
"RemotelessHelper"="c:\program files (x86)\RemotelessHelper\RemotelessHelper.exe" [2013-02-10 1541632]
"SkyDrive"="c:\users\Adm\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-03-18 256600]
"Spotify Web Helper"="c:\users\Adm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-03 1105408]
"Spotify"="c:\users\Adm\AppData\Roaming\Spotify\Spotify.exe" [2013-05-03 4573184]
"Actual Multiple Monitors"="c:\program files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [2013-04-15 1735472]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2013-04-10 5400912]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-11-10 4942336]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-01 4858456]
.
c:\users\Adm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Adm\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-3-2 1086816]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2013-4-30 1054320]
SoundSwitch.appref-ms [2013-4-9 354]
Talk.to.lnk - c:\users\Adm\AppData\Roaming\Talk.to\Launch.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2013-3-22 14823424]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2013-3-22 14823424]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-11-15 1207312]
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2013-2-14 523264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
R2 AIPS;Arp Intelligent Protection Service;c:\program files (x86)\netcut\services\AIPS.exe [2011-07-28 262144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-11-13 36256]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-11-10 79360]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-11-10 31808]
R3 IntcDAud;Son Intel® pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2013-01-23 13368]
R3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 416768]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys [2011-07-13 1045608]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-10 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Adm\AppData\Local\Temp\tmpE37F.tmp [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-10 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-11-10 15936]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-01 80816]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Bluestork BS-WN-USB\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2013-02-19 101376]
S3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [2011-03-18 410184]
S3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [2011-03-18 335688]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2013-01-31 28160]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-24 15360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-11-10 79360]
.
.
Contenu du dossier 'Tâches planifiées'
.
2013-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-13 12:38]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-435379628-1644037483-1594129214-1000Core.job
- c:\users\Adm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-15 14:23]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-435379628-1644037483-1594129214-1000UA.job
- c:\users\Adm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-15 14:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-18 20:14 261704 ----a-w- c:\users\Adm\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-18 20:14 261704 ----a-w- c:\users\Adm\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-18 20:14 261704 ----a-w- c:\users\Adm\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-01 23:33 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Adm\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Adm\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Adm\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Adm\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 418328]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Capture la sélection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Capturer cette page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Capturer l'URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Adm\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: Nouvelle note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Remplissage de Formulaire LastPass - file://c:\users\Adm\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\
FF - ExtSQL: 2013-03-22 20:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-22 20:36; support@lastpass.com; c:\users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\support@lastpass.com
FF - ExtSQL: 2013-03-24 20:32; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF - ExtSQL: 2013-03-26 21:19; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-04-08 20:23; firefox@mega.co.nz; c:\users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\firefox@mega.co.nz.xpi
FF - ExtSQL: 2013-04-14 13:41; en-US@dictionaries.addons.mozilla.org; c:\users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\en-US@dictionaries.addons.mozilla.org
FF - ExtSQL: 2013-04-18 20:11; firebug@software.joehewitt.com; c:\users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-05-06 14:34; jid1-4P0kohSJxU1qGg@jetpack; c:\users\Adm\AppData\Roaming\Mozilla\Firefox\Profiles\kn1qlgw8.default\extensions\jid1-4P0kohSJxU1qGg@jetpack.xpi
FF - ExtSQL: 2013-05-07 20:21; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-IPCameraDSFilter - c:\program files (x86)\wLite\ipds-uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Adm\AppData\Local\Temp\tmpE37F.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-435379628-1644037483-1594129214-1000\Software\SecuROM\License information*]
"datasecu"=hex:8d,5b,4f,6a,87,cd,36,d8,5a,f8,dd,21,a8,ad,d7,71,19,64,4d,19,23,
   90,10,e0,0e,df,72,b9,fe,80,3e,f6,49,41,6e,6b,3b,1f,40,c6,08,41,9f,93,bf,19,\
"rkeysecu"=hex:33,4e,6a,fd,01,71,9e,cd,8a,26,cb,a0,45,9c,b8,2f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Bluestork BS-WN-USB\11n USB Wireless LAN Utility\RtWlan.exe
c:\users\Adm\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Heure de fin: 2013-05-12  14:04:13 - La machine a redémarré
ComboFix-quarantined-files.txt  2013-05-12 12:04
ComboFix2.txt  2013-05-08 00:05
.
Avant-CF: 376 152 555 520 octets libres
Après-CF: 375 919 022 080 octets libres
.
- - End Of File - - 321FAAC31FCB3780F4A6EA3A91996F09
 


To check if I had still something, I ran an HijackThis and got a lot of red when I run the log through hijackthis.de



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:06:56, on 12/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
 
Running processes:
C:\Users\Adm\Local Settings\Apps\F.lux\flux.exe
C:\Users\Adm\AppData\Local\Audiogalaxy\Audiogalaxy.exe
C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Adm\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\RemotelessHelper\RemotelessHelper.exe
C:\Users\Adm\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Adm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Adm\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Users\Adm\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
C:\Users\Adm\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Logitech\G930\G930.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adm\Desktop\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Adm\AppData\Local\Google\Chrome\Application\chrome.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
O4 - HKLM\..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [F.lux] "C:\Users\Adm\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [Audiogalaxy] "C:\Users\Adm\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup
O4 - HKCU\..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Wunderlist] "C:\Users\Adm\AppData\Local\Apps\2.0\31381JEX.6Q6\48V81EQJ.8KC\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe" /silent
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Adm\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [RemotelessHelper] "C:\Program Files (x86)\RemotelessHelper\RemotelessHelper.exe"
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Adm\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Adm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Adm\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKUS\S-1-5-21-435379628-1644037483-1594129214-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-435379628-1644037483-1594129214-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Adm\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
O4 - Startup: SoundSwitch.appref-ms
O4 - Startup: Talk.to.lnk = Adm\AppData\Roaming\Talk.to\Launch.exe
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Capture la sélection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Capturer cette page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Capturer l'URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Users\Adm\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: Nouvelle note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Remplissage de Formulaire LastPass - file://C:\Users\Adm\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Arp Intelligent Protection Service (AIPS) - Arcai.com - C:\Program Files (x86)\netcut\services\AIPS.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Realtek11nCU - Realtek - C:\Program Files (x86)\Bluestork BS-WN-USB\11n USB Wireless LAN Utility\RtlService.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
 
--
End of file - 33313 bytes
 

Should I try to fix the entries with HijackThis ? Any other steps to take ?

Thanks for your help



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 AM

Posted 12 May 2013 - 08:48 AM

Critical vulnerabilities have been identified in old version of Adobe Flash Player please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

To check if I had still something, I ran an HijackThis and got a lot of red when I run the log through hijackthis.de

HijackThis does not support Windows 7. I suggest you remove it using the Add/Remove Progams list.
DDS is now the tool you should use to when reporting problems.
===

#5 jargot

jargot
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 12 May 2013 - 09:12 AM

Using Chrome, I use an embedded Flash player. 

I just monitored my up/down connections and if I don't limit it, Svchost still uploaded a few megabytes (I restrained the speed as soon as I saw upload).

Any other things to fix my computer ?



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 AM

Posted 12 May 2013 - 10:08 AM

Using Chrome, I use an embedded Flash player.

Yes but you use IE to get the Microsoft Updates. Open IE and check the link for the flash update.

===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
  • ===

    I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push the esetFinish.png button.
  • [/list]


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 AM

Posted 18 May 2013 - 08:35 AM

Are you still with me?

#8 jargot

jargot
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 18 May 2013 - 09:55 AM

Yes, really busy atm, will do this later if you don't mind



#9 jargot

jargot
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 20 May 2013 - 03:01 PM

RogueKiller V8.5.4 _x64_ [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Adm [Droits d'admin]
Mode : Suppression -- Date : 20/05/2013 21:57:50
| ARK || FAK || MBR |
 
¤¤¤ Processus malicieux : 12 ¤¤¤
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Adm\AppData\Local\Temp\ammemb64.dll [x] -> DECHARGÉE
[SUSP PATH] Audiogalaxy.exe -- C:\Users\Adm\AppData\Local\Audiogalaxy\Audiogalaxy.exe [7] -> TUÉ [TermProc]
[SUSP PATH] Wunderlist.exe -- C:\Users\Adm\AppData\Local\Apps\2.0\31381JEX.6Q6\48V81EQJ.8KC\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe [-] -> TUÉ [TermProc]
[SUSP PATH] MusicManager.exe -- C:\Users\Adm\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [-] -> TUÉ [TermProc]
[SUSP PATH] Sound_Blaster_X-Fi_MB_Cleanup.0001 -- C:\Users\Adm\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 [-] -> TUÉ [TermProc]
[SUSP PATH] SoundSwitch.exe -- C:\Users\Adm\AppData\Local\Apps\2.0\LKJZR88H.VDV\XR2R5KEE.17D\soun..tion_0000000000000000_0002.0004_f839aedc2aa2d7a7\SoundSwitch.exe [-] -> TUÉ [TermProc]
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Adm\AppData\Local\Temp\ammemb64.dll [x] -> DECHARGÉE
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Adm\AppData\Local\Temp\ammemb64.dll [x] -> DECHARGÉE
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Adm\AppData\Local\Temp\ammemb64.dll [x] -> DECHARGÉE
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Adm\AppData\Local\Temp\ammemb64.dll [x] -> DECHARGÉE
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Adm\AppData\Local\Temp\ammemb64.dll [x] -> DECHARGÉE
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Adm\AppData\Local\Temp\ammemb64.dll [x] -> DECHARGÉE
 
¤¤¤ Entrees de registre : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Audiogalaxy ("C:\Users\Adm\AppData\Local\Audiogalaxy\Audiogalaxy.exe" /startup) [7] -> SUPPRIMÉ
[RUN][SUSP PATH] HKCU\[...]\Run : Wunderlist ("C:\Users\Adm\AppData\Local\Apps\2.0\31381JEX.6Q6\48V81EQJ.8KC\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe" /silent) [-] -> SUPPRIMÉ
[RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Adm\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") [-] -> SUPPRIMÉ
[RUN][BLACKLISTDLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> SUPPRIMÉ
[STARTUP][SUSP PATH] Talk.to.lnk @Adm : C:\Users\Adm\AppData\Roaming\Talk.to\Launch.exe [x] -> SUPPRIMÉ
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REMPLACÉ (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REMPLACÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
 
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
 
¤¤¤ Driver : [NON CHARGE] ¤¤¤
 
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Verif: ¤¤¤
 
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 193d8ca25b5746228eb1338021014c8d
[BSP] ec41a216ba3f8f0df27a980c331511bf : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Termine : << RKreport[2]_D_20052013_215750.txt >>
RKreport[1]_S_20052013_215642.txt ; RKreport[2]_D_20052013_215750.txt
 
 
 

This is the report from Rogue Scanner, the ESET Online Scan will be there soon...



#10 jargot

jargot
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 21 May 2013 - 02:54 AM

And :

 

C:\Users\Adm\Desktop\Downloads\AssassinsCreedIISaveFix_SK_BTARENA.rar a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined

C:\Users\Adm\Desktop\Downloads\µTorrent_uTorrent_1.8.3_Build_16010_Stable_setup.exe Win32/Hoax.ArchSMS.ABC application cleaned by deleting - quarantined


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 AM

Posted 21 May 2013 - 08:53 AM

Any remaining issues with this computer?

#12 jargot

jargot
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 21 May 2013 - 09:04 AM

I still have a LOT of red crosses if I run my HijackThis analysis through hijackthis.de but that may be due to the Windows 7 incompability you mentionned. I'm not seeing any unusual upload/download in my svchost.exe but it might come later; I just disabled the download/upload limits on Netlimiter



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 AM

Posted 21 May 2013 - 09:06 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can Keep the DDS tool as most forum will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 AM

Posted 27 May 2013 - 08:07 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users