  1. #1
    Member (Join Date: Dec 2014, Posts: 22, Points: 0)

    I am just lost !

    First of all, sorry for my poor English.

    I have a PC which, after I lent it to my son for a few weeks, is going very slow.
    At startup I see that the hard drive is continuously being accessed. After 10 minutes the hard drive stops. But as soon as I start any action on the computer the hard drive starts again and it takes very long to execute anything...
    If I use a program like "WhatsMyComputersdoing" I see many instances of SVCHOST, and with an analysis it says that it is suspicious because it is not in the SYSTEM32 directory...
    But I find it in the SYSTEM32 directory, and if I send it to an online virus scanner it comes back as not infected...
    The PC was protected by an up-to-date Avast and MalwareBytes Anti-Malware, which I have run, and they haven't found anything.
    I have turned off indexing and removed all the unnecessary files and programs I felt confident enough to delete.
    I have used CCleaner to remove all the unnecessary files and remove the unnecessary entries in the registry.
    I have used the Microsoft cleanmgr.exe.
    I have scanned it with Avast, then I removed Avast and installed Baidu Antivirus, and neither has found anything.
    I have removed the antivirus to scan the machine with HijackThis, hoping that it would leave fewer lines in the log file and it would be clearer for me to understand... but it is beyond my knowledge!
    So I followed your advice and I ran SUPERAntiSpyware, MalwareBytes Anti-Malware and HijackThis.

    I enclose the logs (sorry, the Malwarebytes log is in French, but you will see that the online protection is off while the scan was looking for all types of threats and returned no danger...).

    Could you please tell me if my system has been tweaked using malicious programs, or if it looks normal to you? And maybe what it is doing for more than 10 minutes with the hard drive when it starts and when I use it?

    Sorry again for my English, I hope it was good enough to be understood.

    Thank you in advance for the time you'll spend on my problem and for your help.

    Anthony

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 10:33:11, on 01/12/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17420)
    CHROME: 34.0.1847.131
    FIREFOX: 33.1 (x86 fr)
    Boot mode: Normal

    Running processes:
    C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-194893992-623586184-2154427634-500\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Administrator')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://sslvpn.esker.fr/NELX.cab
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Centre de sécurité (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

    --
    End of file - 19627 bytes
    -----------------------------------------------------------------------------------------------------------------------------------------------------------------
    Malwarebytes log:

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Date de l'examen: 01/12/2014
    Heure de l'examen: 12:02:45
    Fichier journal: log Malwarebyte.txt
    Administrateur: Oui

    Version: 2.00.3.1025
    Base de données Malveillants: v2014.12.01.02
    Base de données Rootkits: v2014.11.30.01
    Licence: Gratuit
    Protection contre les malveillants: Désactivé(e)
    Protection contre les sites Web malveillants: Désactivé(e)
    Auto-protection: Désactivé(e)

    Système d'exploitation: Windows 7 Service Pack 1
    Processeur: x64
    Système de fichiers: NTFS
    Utilisateur: Tony

    Type d'examen: Examen "Menaces"
    Résultat: Terminé
    Objets analysés: 369502
    Temps écoulé: 27 min, 30 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Activé(e)
    Examen approfondi Rootkits: Activé(e)
    Heuristique: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (Aucun élément malicieux detecté)

    Modules: 0
    (Aucun élément malicieux detecté)

    Clés du Registre: 0
    (Aucun élément malicieux detecté)

    Valeurs du Registre: 0
    (Aucun élément malicieux detecté)

    Données du Registre: 0
    (Aucun élément malicieux detecté)

    Dossiers: 0
    (Aucun élément malicieux detecté)

    Fichiers: 0
    (Aucun élément malicieux detecté)

    Secteurs physiques: 0
    (Aucun élément malicieux detecté)


    (end)

    -----------------------------------------------------------------------------------------------------------------------------------------------------------------

    SUPERAntiSpyware log:
    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 12/01/2014 at 11:56 AM

    Application Version : 6.0.1164
    Database Version : 11634

    Scan type : Complete Scan
    Total Scan Time : 00:23:50

    Operating System Information
    Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 656
    Memory threats detected : 0
    Registry items scanned : 68553
    Registry threats detected : 0
    File items scanned : 21209
    File threats detected : 21

    Adware.Tracking Cookie
    .doubleclick.net [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .smartadserver.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    Ad Server: Integrated Mobile, Video & RTB - Smart AdServer [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revenuemantra.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weborama.fr [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weborama.fr [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .weborama.fr [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .revsci.net [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ad.mlnadvertising.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .bs.serving-sys.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\TONY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    ============
    End of Log
    ============
    ---------------------------------------------------------------------------------------------------------------------------------------------------------------

    Thank You !
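
The poster's worry above is whether the many svchost.exe instances really live in System32 and what the "(file missing)" marks in the HijackThis O23 lines mean. As an added example (not code from the original post, from HijackThis or from any of the tools named in the thread), the script below parses HijackThis O4 (autorun) and O23 (service) lines and flags only the things a reviewer would actually look at: an image path outside the Windows or Program Files trees, a file that HijackThis reports as missing, and a well-known system binary name (svchost.exe, lsass.exe, ...) sitting outside System32. The sample input mixes lines copied from the log above with two constructed entries (marked in the code) so that the flags have something to fire on; the script assumes Windows is installed on drive C:, which is an assumption, not something the log states.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample input: lines copied from the HijackThis log in the post above, plus two
# CONSTRUCTED entries (marked) that show what a suspicious autorun/service looks like.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')",
    r"O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe",
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)",
    r"O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe",
    # CONSTRUCTED (not from the page): a "svchost.exe" living in a user profile directory
    r"O23 - Service: Windows Update Helper (wuhelper) - Unknown owner - C:\Users\example\AppData\Roaming\svchost.exe",
    # CONSTRUCTED (not from the page): an autorun pointing into a temp directory
    r"O4 - HKCU\..\Run: [Updater] C:\Users\example\AppData\Local\Temp\updater.exe /silent",
]

# Assumption: Windows is installed on C:. Placeholders HijackThis leaves unexpanded.
ENV_PLACEHOLDERS = {
    "%systemroot%": "c:\\windows",
    "%windir%": "c:\\windows",
    "%programfiles%": "c:\\program files",
}
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Binaries that should only ever be started from the system directories.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
SYSTEM32_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)"?', re.IGNORECASE)
SHORTNAME_RE = re.compile(r"\(([^()]+)\)\s*$")


@dataclass
class Finding:
    kind: str                  # "O4" (autorun) or "O23" (service)
    name: str                  # autorun value name or service short name
    path: str                  # image path exactly as HijackThis printed it
    reasons: List[str] = field(default_factory=list)


def normalize(path: str) -> str:
    """Lower-case the path and expand the placeholders HijackThis leaves in."""
    p = path.strip().strip('"').lower()
    for placeholder, real in ENV_PLACEHOLDERS.items():
        p = p.replace(placeholder, real)
    return p


def parse_o23(line: str) -> Optional[Tuple[str, str, str, bool]]:
    """O23 lines read: 'Service: <display> (<short>) - <owner> - <path>[ (file missing)]'."""
    body = line[len("O23 - Service: "):]
    parts = body.rsplit(" - ", 2)   # split from the right: display names may contain ' - '
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")]
    m = SHORTNAME_RE.search(name)
    return (m.group(1) if m else name, owner, path.strip(), missing)


def assess(kind: str, name: str, raw_path: str, missing: bool = False) -> Optional[Finding]:
    """Return a Finding only when at least one review-worthy condition holds."""
    path = normalize(raw_path)
    reasons = []
    if missing:
        reasons.append("file_missing")
    if not path.startswith(TRUSTED_PREFIXES):
        reasons.append("outside_trusted_dirs")
    directory, _, basename = path.rpartition("\\")
    if basename in SYSTEM32_ONLY and directory not in SYSTEM32_DIRS:
        reasons.append("system_binary_name_outside_system32")
    # "Unknown owner" is deliberately not a reason: in the log above it appears on
    # practically every Microsoft service, so on its own it carries no signal.
    return Finding(kind, name, raw_path, reasons) if reasons else None


def triage(lines: List[str]) -> List[Finding]:
    """Walk HijackThis lines and collect the O4/O23 entries worth a closer look."""
    findings = []
    for line in lines:
        line = line.strip()
        if line.startswith("O23 - Service: "):
            parsed = parse_o23(line)
            if parsed:
                short, _owner, path, missing = parsed
                f = assess("O23", short, path, missing)
        elif line.startswith("O4 - "):
            m = O4_RE.match(line)
            if not m:
                continue
            exe = EXE_RE.match(m.group("cmd"))
            path = exe.group("exe") if exe else m.group("cmd").split()[0]
            f = assess("O4", m.group("name"), path)
        else:
            continue
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:<4} {f.name:<12} {', '.join(f.reasons):<50} {f.path}")
```

Run as-is, the script reports the ALG service (file missing) and the two constructed entries, and stays silent on the genuine svchost.exe in System32 and on the ATI, Sidebar and Intel entries. Two caveats for reading real output: HijackThis 2.0.5 is a 32-bit program, so on a 64-bit install such as this one its "(file missing)" verdict on Microsoft services is frequently an artifact of file-system redirection rather than a real absence, which is why `file_missing` is listed as a reason to check, not a verdict; and a clean result from this triage says nothing about the disk-activity symptom itself, which is better pursued with the Resource Monitor or FRST logs that later posts in the thread ask for.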

  2. #2
    Member (Join Date: Dec 2014, Posts: 22, Points: 0)

    Since I started this thread, I have installed Kaspersky antivirus.
    I updated the database and did a full scan.
    No virus was found....

    So that is three different antivirus products with the same result... but the computer's hard disk light is blinking a lot and it is awfully slow....

    I am lost and don't know what to do or where to look...

    If anyone could help.... Thanks

  3. #3
    Member, Spyware Fighter, zep516 (Join Date: Dec 2005, Location: Pittsburgh, Pa, Posts: 7,158, Points: 1301)

    Please download Farbar Recovery Scan Tool and save it to your Desktop. Make sure this program is downloaded to the desktop. Otherwise it will not work.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  4. #4
    Member (Join Date: Dec 2014, Posts: 22, Points: 0)

    Thank you FRST516 for your answer!!!

    Here is the FRST report:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
    Ran by Tony (administrator) on PC on 02-12-2014 00:07:22
    Running from C:\Users\Tony\Desktop
    Loaded Profile: Tony (Available profiles: Tony & Administrator)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Anglais (États-Unis)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (AMD) C:\Windows\System32\atieclxx.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1533736 2008-06-20] (Synaptics, Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-02-14] (Advanced Micro Devices, Inc.)
    HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\Policies\Explorer: [NoThumbnailCache] 1
    HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\MountPoints2: {59be9c57-b541-11e0-8679-cafb50e577b4} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\MountPoints2: {cfe78379-ec9a-11e1-9ca7-001b38ae0541} - F:\unlock.exe autoplay=true
    HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\MountPoints2: {de7e045d-a5b5-11e2-a1a5-0214e0fccbcf} - I:\Setup.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-194893992-623586184-2154427634-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-194893992-623586184-2154427634-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn
    HKU\S-1-5-21-194893992-623586184-2154427634-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x56B948D9FBF7CD01
    HKU\S-1-5-21-194893992-623586184-2154427634-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://sslvpn.esker.fr/NELX.cab
    Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\sp7bj24i.default
    FF DefaultSearchEngine: Yahoo! (Avast)
    FF DefaultSearchEngine,S: WebSearch
    FF DefaultSearchUrl: https://fr.search.yahoo.com/yhs/search
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SearchEngineOrder.1,S: WebSearch
    FF SelectedSearchEngine: Yahoo! (Avast)
    FF SelectedSearchEngine,S: WebSearch
    FF Homepage: https://fr.yahoo.com?fr=hp-avast&type=avastbcl
    FF Keyword.URL: https://fr.search.yahoo.com/yhs/search
    FF NetworkProxy: "ftp", "127.0.0.1"
    FF NetworkProxy: "ftp_port", 4446
    FF NetworkProxy: "http", "127.0.0.1"
    FF NetworkProxy: "http_port", 4444
    FF NetworkProxy: "ssl", "127.0.0.1"
    FF NetworkProxy: "ssl_port", 4445
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
    FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
    FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
    FF Plugin-x32: @ma-config.com/HardwareDetection -> C:\Program Files (x86)\ma-config.com\nphardwaredetection.dll (Cybelsoft)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin HKU\S-1-5-21-194893992-623586184-2154427634-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-194893992-623586184-2154427634-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF SearchPlugin: C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\sp7bj24i.default\searchplugins\yahoo-avast.xml
    FF Extension: DownThemAll! AntiContainer - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\sp7bj24i.default\Extensions\anticontainer@downthemall.net.xpi [2013-02-04]
    FF Extension: DownThemAll! - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\sp7bj24i.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-04]
    FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
    FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-01]
    FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
    FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-01]
    FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
    FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-01]
    FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
    FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-01]
    FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
    FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-01]

    Chrome:
    =======
    CHR Profile: C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (YouTube) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-25]
    CHR Extension: (Image Downloader) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2012-12-06]
    CHR Extension: (Recherche Google) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-25]
    CHR Extension: (Kaspersky Protection) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-01]
    CHR Extension: (Image collector extension) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhffefhdkeibnkdldinbncimlojchnie [2012-12-06]
    CHR Extension: (Freemake Video Converter) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-07-23]
    CHR Extension: (Quick Earth) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\khodocggeplgfhppgagfdpbjkniadmdh [2014-07-12]
    CHR Extension: (GetThemAll Downloader) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2014-11-06]
    CHR Extension: (Google*Wallet) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
    CHR Extension: (Gmail) - C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-25]
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/d...jmlmojhbllhbho []
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/d...jmlmojhbllhbho []
    CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-08-22]
    CHR StartMenuInternet: Google Chrome - C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
    S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-09-26] (Freemake) [File not signed]
    S4 maconfservice; C:\Program Files (x86)\ma-config.com\maconfservice.exe [311928 2011-11-25] (CybelSoft)
    S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [File not signed]
    S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
    S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
    R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 driverhardwarev2x64; C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [16640 2011-07-21] (CybelSoft)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-02-12] (DT Soft Ltd)
    R1 FreeOTFE; C:\Windows\System32\FreeOTFE.sys [38512 2010-02-08] (Sarah Dean) [File not signed]
    S3 FreeOTFECypherAES_ltc; C:\Windows\System32\FreeOTFECypherAES_ltc.sys [50800 2010-02-08] (Sarah Dean) [File not signed]
    R1 FreeOTFECypherBlowfish; C:\Windows\System32\FreeOTFECypherBlowfish.sys [27760 2010-02-08] (Sarah Dean) [File not signed]
    S3 FreeOTFECypherCAST5; C:\Windows\System32\FreeOTFECypherCAST5.sys [34928 2010-02-08] (Sarah Dean) [File not signed]
    S3 FreeOTFECypherCAST6_Gladman; C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys [34928 2010-02-08] (Sarah Dean) [File not signed]
    S3 FreeOTFECypherDES; C:\Windows\System32\FreeOTFECypherDES.sys [60016 2010-02-08] (Sarah Dean) [File not signed]
    S3 FreeOTFECypherMARS_Gladman; C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys [30832 2010-02-08] (Sarah Dean) [File not signed]
    S3 FreeOTFECypherRC6_ltc; C:\Windows\System32\FreeOTFECypherRC6_ltc.sys [29296 2010-02-08] (Sarah Dean) [File not signed]
    S3 FreeOTFECypherSerpent_Gladman; C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys [35952 2010-02-08] (Sarah Dean) [File not signed]
    S3 FreeOTFECypherTwofish_ltc; C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys [35440 2010-02-08] (Sarah Dean) [File not signed]
    R1 FreeOTFEHashMD; C:\Windows\System32\FreeOTFEHashMD.sys [22640 2010-02-08] (Sarah Dean) [File not signed]
    S3 FreeOTFEHashRIPEMD; C:\Windows\System32\FreeOTFEHashRIPEMD.sys [38512 2010-02-08] (Sarah Dean) [File not signed]
    R1 FreeOTFEHashSHA; C:\Windows\System32\FreeOTFEHashSHA.sys [29296 2010-02-08] (Sarah Dean) [File not signed]
    S3 FreeOTFEHashTiger; C:\Windows\System32\FreeOTFEHashTiger.sys [26224 2010-02-08] (Sarah Dean) [File not signed]
    R1 FreeOTFEHashWhirlpool; C:\Windows\System32\FreeOTFEHashWhirlpool.sys [34928 2010-02-08] (Sarah Dean) [File not signed]
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
    R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-12-01] (Kaspersky Lab ZAO)
    R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-12-01] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
    S3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2010-10-27] (SonicWALL Inc.)
    S3 SeqCal; C:\Windows\System32\DRIVERS\SeqCal.sys [7808 2005-12-13] (GretagMacbeth LLC)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2012-02-26] () [File not signed]
    R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-28] (Samsung Electronics)
    R3 TS_AR5416; C:\Windows\System32\DRIVERS\ts_athwx.sys [2156872 2011-09-05] (TamoSoft)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    U3 a45l19bs; C:\Windows\System32\Drivers\a45l19bs.sys [0 ] (Microsoft Corporation)
    S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
    S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO.SYS [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-02 00:07 - 2014-12-02 00:08 - 00021948 _____ () C:\Users\Tony\Desktop\FRST.txt
    2014-12-02 00:06 - 2014-12-02 00:07 - 00000000 ____D () C:\FRST
    2014-12-02 00:05 - 2014-12-02 00:05 - 02117120 _____ (Farbar) C:\Users\Tony\Desktop\FRST64.exe
    2014-12-01 22:45 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-12-01 22:45 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-12-01 16:29 - 2014-12-01 23:20 - 00002330 _____ () C:\Users\Tony\Desktop\Protection bancaire.lnk
    2014-12-01 16:26 - 2014-12-01 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
    2014-12-01 16:26 - 2014-12-01 16:24 - 00001194 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
    2014-12-01 16:24 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
    2014-12-01 16:22 - 2014-12-02 00:02 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-12-01 16:22 - 2014-12-01 16:22 - 00000000 ____D () C:\Windows\ELAMBKUP
    2014-12-01 16:22 - 2014-12-01 16:22 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
    2014-12-01 16:21 - 2014-12-01 16:38 - 00793800 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
    2014-12-01 16:21 - 2014-12-01 16:38 - 00141320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
    2014-12-01 16:21 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
    2014-12-01 16:13 - 2014-12-01 16:13 - 00052238 _____ () C:\Users\Tony\Downloads\UDPixel22_installer.exe
    2014-12-01 16:13 - 2014-12-01 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UDPixel
    2014-12-01 16:12 - 2014-12-01 16:12 - 00000102 _____ () C:\Users\Tony\Desktop\Forum Spyware, virus, hijackthis... désinfection.url
    2014-12-01 16:11 - 2014-12-01 16:11 - 03047424 _____ (Emjysoft ) C:\Users\Tony\Downloads\pixelrea.exe
    2014-12-01 16:01 - 2014-12-01 16:03 - 170245952 _____ (Kaspersky Lab) C:\Users\Tony\Downloads\kis15.0.0.463fr_6152.exe
    2014-12-01 15:58 - 2014-12-01 15:59 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\Tony\Downloads\DuplicateCleaner_setup (1).exe
    2014-12-01 15:46 - 2014-12-01 15:46 - 00000068 _____ () C:\Users\Tony\Desktop\Spyware Help.url
    2014-12-01 11:57 - 2014-12-01 11:57 - 00002518 _____ () C:\SUPERAntiSpyware Scan Log - 12-01-2014 - 11-56-28.log
    2014-12-01 09:47 - 2014-12-01 09:47 - 00000000 ____D () C:\SUPERDelete
    2014-12-01 09:46 - 2014-12-01 09:46 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\SUPERAntiSpyware.com
    2014-12-01 09:45 - 2014-12-01 09:45 - 20632416 _____ (SUPERAntiSpyware) C:\Users\Tony\Downloads\SUPERAntiSpyware.exe
    2014-12-01 09:45 - 2014-12-01 09:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-11-30 22:48 - 2014-11-30 22:48 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\Baidu
    2014-11-30 22:41 - 2014-12-01 23:17 - 00000280 _____ () C:\Windows\setupact.log
    2014-11-30 22:41 - 2014-11-30 22:41 - 00000000 _____ () C:\Windows\setuperr.log
    2014-11-30 22:40 - 2014-12-01 23:17 - 00003296 _____ () C:\Windows\PFRO.log
    2014-11-30 18:57 - 2014-11-30 18:57 - 02347384 _____ (ESET) C:\esetsmartinstaller_enu.exe
    2014-11-30 18:35 - 2014-11-30 18:36 - 00416576 _____ (Kaspersky Lab) C:\kasp secur scan setup.exe
    2014-11-30 11:10 - 2014-11-30 11:10 - 00333056 _____ () C:\pjjoint_uploader (1).exe
    2014-11-30 11:06 - 2014-11-30 11:06 - 00388608 _____ (Trend Micro Inc.) C:\HijackThis.exe
    2014-11-30 11:02 - 2014-11-30 11:15 - 00067503 _____ () C:\Users\Tony\Desktop\HijackThis.exe
    2014-11-30 11:01 - 2014-11-30 11:02 - 00333056 _____ () C:\pjjoint_uploader.exe
    2014-11-30 10:56 - 2014-12-01 22:08 - 00021397 _____ () C:\hijackthis.log
    2014-11-30 10:53 - 2014-11-30 10:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tony\Documents\HijackThis.exe
    2014-11-30 09:55 - 2014-11-30 09:55 - 00000115 _____ () C:\Users\Tony\Desktop\Malekal's forum • Comment optimiser vous même votre ordinateur - - Optimisation et problème de lenteur PC.url
    2014-11-27 15:59 - 2014-11-27 15:59 - 05162080 _____ (Piriform Ltd) C:\Users\Tony\Documents\ccsetup500.exe
    2014-11-20 13:26 - 2014-11-20 13:26 - 00000000 ____D () C:\Users\Tony\AppData\Local\Secunia PSI
    2014-11-20 13:25 - 2014-11-20 13:25 - 05329480 _____ (Secunia) C:\Users\Tony\Documents\PSISetup.exe
    2014-11-20 13:25 - 2014-11-20 13:25 - 00000000 ____D () C:\Program Files (x86)\Secunia
    2014-11-19 17:19 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-19 17:19 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-19 17:19 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-19 17:19 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2014-11-19 16:41 - 2014-11-19 16:32 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-11-19 16:41 - 2014-11-19 16:32 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-11-19 16:41 - 2014-11-19 16:32 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-11-19 16:21 - 2014-11-19 16:22 - 00638888 _____ (Oracle Corporation) C:\Users\Tony\Downloads\jxpiinstall.exe
    2014-11-18 09:48 - 2014-11-30 22:52 - 00000000 ____D () C:\ProgramData\Baidu Security
    2014-11-18 09:48 - 2014-11-18 09:48 - 00000000 ____D () C:\ProgramData\baidu
    2014-11-18 09:47 - 2014-11-18 09:47 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
    2014-11-18 09:40 - 2014-11-18 09:46 - 137228536 _____ (Baidu, Inc.) C:\Users\Tony\Downloads\BavProFull_Setup.exe
    2014-11-18 09:28 - 2014-11-18 09:28 - 00000000 ____D () C:\Users\Public\Documents\Baidu
    2014-11-18 09:18 - 2014-11-18 09:18 - 01979240 _____ (Baidu, Inc.) C:\Users\Tony\Downloads\BavPro_Setup_Mini_GL.exe
    2014-11-18 09:09 - 2014-11-18 09:10 - 00362880 _____ (Kaspersky Lab) C:\Users\Tony\Downloads\setup.exe
    2014-11-17 19:09 - 2014-11-17 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Rich Tools
    2014-11-17 19:09 - 2014-11-17 19:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Rich Tools
    2014-11-17 19:07 - 2014-11-17 19:07 - 00000000 ____D () C:\HoffmanUtilitySpotlight
    2014-11-17 19:06 - 2014-11-17 19:06 - 06078344 _____ (Microsoft Corporation) C:\Users\Tony\Downloads\HoffmanUtilitySpotlight2009_04.exe
    2014-11-17 18:48 - 2014-11-17 18:48 - 06433055 _____ (WinMerge ) C:\Users\Tony\Downloads\WinMerge-2.14.0-Setup.exe
    2014-11-17 18:46 - 2014-11-17 18:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-17 18:15 - 2014-11-18 09:21 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\DigitalVolcano
    2014-11-17 18:14 - 2014-11-17 18:14 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\Tony\Downloads\DuplicateCleaner_setup.exe
    2014-11-17 17:17 - 2009-12-06 14:13 - 01145096 _____ () C:\imddup.exe
    2014-11-17 17:17 - 2004-04-16 12:10 - 00229376 _____ () C:\libjasper.dll
    2014-11-17 17:13 - 2014-11-17 17:13 - 00916229 _____ () C:\Users\Tony\Downloads\image_deduplicator_15(1).zip
    2014-11-17 17:10 - 2014-11-17 17:10 - 00245248 _____ () C:\Users\Tony\Downloads\DuplicateDestroyer.msi
    2014-11-17 17:07 - 2014-11-17 17:07 - 00916229 _____ () C:\Users\Tony\Downloads\image_deduplicator_15.zip
    2014-11-17 15:25 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-17 15:25 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-17 15:25 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-17 15:25 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-17 15:25 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-17 15:25 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-17 15:25 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-11-17 15:25 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-11-17 15:25 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-11-17 15:25 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-11-17 15:25 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-11-17 15:25 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-11-17 15:24 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-17 15:24 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-17 15:24 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-17 15:24 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-17 15:24 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-17 15:24 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-11-17 15:24 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-11-17 15:24 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2014-11-17 15:24 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2014-11-17 15:23 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-17 15:23 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-11-17 15:23 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-11-17 15:23 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-11-17 15:23 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-11-17 15:23 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-11-17 15:23 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-11-17 15:23 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-11-17 15:22 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-11-17 15:22 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-11-17 15:22 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-17 15:22 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-11-17 15:22 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-11-17 15:22 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-17 15:22 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-11-17 15:22 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-17 15:22 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-17 15:22 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-17 15:22 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-17 15:22 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-11-17 15:22 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-11-17 15:22 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-17 15:22 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-11-17 15:22 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-17 15:22 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-11-17 15:22 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-11-17 15:22 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-11-17 15:22 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-11-17 15:22 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-11-17 15:22 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-11-17 15:22 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-11-17 15:22 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-11-17 15:22 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-11-17 15:22 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-17 15:22 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-11-17 15:22 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-11-17 15:22 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-17 15:22 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-11-17 15:22 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-17 15:22 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-17 15:22 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-11-17 15:22 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-17 15:22 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-11-17 15:22 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-11-17 15:22 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-17 15:22 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-11-17 15:22 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-11-17 15:22 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-11-17 15:22 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-11-17 15:22 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-17 15:22 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-17 15:22 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-11-17 15:22 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-11-17 15:22 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-11-17 15:22 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-11-17 15:22 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-11-17 15:21 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-17 15:21 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-17 15:21 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-11-17 15:21 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-17 15:21 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-17 15:21 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-11-17 15:21 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-11-17 15:21 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-17 15:21 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2014-11-17 15:20 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-17 15:20 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-11-17 15:20 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-17 15:20 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-17 15:20 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-17 15:20 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-17 15:20 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-11-17 15:20 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-11-17 15:16 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-17 15:16 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-11-17 15:03 - 2014-11-17 15:03 - 00002649 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photo Finder.lnk
    2014-11-17 15:03 - 2014-11-17 15:03 - 00000000 ____D () C:\Program Files (x86)\Renegade Minds
    2014-11-17 14:57 - 2014-11-17 14:57 - 00575991 _____ () C:\Users\Tony\Downloads\DuplicatePhotoFinder.zip
    2014-11-11 11:56 - 2014-11-30 09:55 - 00007596 _____ () C:\Users\Tony\AppData\Local\Resmon.ResmonCfg
    2014-11-10 18:44 - 2014-11-10 18:44 - 00000180 _____ () C:\Users\Tony\Desktop.lnk
    2014-11-06 15:46 - 2014-11-06 15:46 - 00001018 _____ () C:\Users\Tony\Desktop\File Shredder.lnk
    2014-11-06 15:01 - 2014-11-21 22:36 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\I2P
    2014-11-06 14:57 - 2014-11-06 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I2P

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-02 00:03 - 2014-09-06 08:02 - 01359233 _____ () C:\Windows\WindowsUpdate.log
    2014-12-01 23:51 - 2014-07-12 14:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-01 23:25 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-01 23:25 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-01 23:20 - 2014-07-12 14:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-01 23:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-01 12:00 - 2014-07-06 09:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-30 23:59 - 2014-08-09 11:38 - 00000000 ____D () C:\Users\Tony\AppData\Roaming\vlc
    2014-11-30 22:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration
    2014-11-30 10:09 - 2014-02-28 09:35 - 00000646 __RSH () C:\Users\Tony\ntuser.pol
    2014-11-30 10:09 - 2012-02-17 08:54 - 00000000 ____D () C:\Users\Tony
    2014-11-27 16:00 - 2013-09-07 16:14 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-11-27 16:00 - 2012-03-22 15:20 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-11-27 16:00 - 2012-03-22 15:20 - 00000000 ____D () C:\Program Files\CCleaner
    2014-11-19 16:43 - 2013-10-22 08:45 - 00000000 ____D () C:\ProgramData\Oracle
    2014-11-19 16:32 - 2014-10-08 14:45 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-11-19 16:30 - 2013-02-01 16:28 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-11-18 14:19 - 2014-10-24 20:52 - 00000000 ____D () C:\Windows\rescache
    2014-11-18 10:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
    2014-11-18 10:04 - 2014-10-16 17:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-18 08:44 - 2009-07-14 05:45 - 00289416 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-18 00:13 - 2013-08-15 16:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-18 00:06 - 2010-12-19 03:02 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-11-17 19:46 - 2014-07-12 14:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-17 19:45 - 2014-07-12 14:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-17 16:53 - 2014-04-04 11:26 - 00040960 _____ () C:\Windows\DelPiv.exe
    2014-11-11 11:55 - 2013-03-20 08:52 - 00000000 ____D () C:\Windows\pss
    2014-11-10 20:17 - 2013-02-12 16:43 - 00746030 _____ () C:\Windows\system32\perfh00C.dat
    2014-11-10 20:17 - 2013-02-12 16:43 - 00149922 _____ () C:\Windows\system32\perfc00C.dat
    2014-11-10 20:17 - 2009-07-14 06:13 - 01669656 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-04 14:30 - 2010-12-19 02:55 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


    LastRegBack: 2014-11-27 13:54

    ==================== End Of Log ============================


    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Here is the Addition report:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
    Ran by Tony at 2014-12-02 00:09:32
    Running from C:\Users\Tony\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Baidu Antivirus (Enabled - Up to date) {10616E6C-0E20-8594-D377-A7D03F6128A6}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Baidu Antivirus (Disabled - Up to date) {AB008F88-281A-8A1A-E9C7-9CA244E6621B}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{78E9970B-4395-61A6-B912-1CC406174773}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
    Bullzip PDF Printer 9.0.0.1437 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.0.0.1437 - Bullzip)
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    CDex extraction audio (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
    Contact Sheets 1.7.0.1 (HKLM-x32\...\{6A18FC1F-DFDC-4F76-96E0-58414F7C02EA}) (Version: 1.0.0 - Echo Images)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
    Dia (supprimer uniquement) (HKLM-x32\...\Dia) (Version: - )
    diashapes (HKLM-x32\...\diashapes) (Version: 0.3.0 - Steffen Macke)
    D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32\...\{D9198056-A296-4583-A790-C0E73694CFE8}) (Version: - D-Link)
    Duplicate Photo Finder (HKLM-x32\...\{EB39E35A-507A-4A73-928B-DFCE00D51FDC}) (Version: 1.3.0 - Renegade Minds)
    encodeur Real Video Producer (HKLM-x32\...\encodeur Real Video Producer) (Version: - )
    File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
    FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
    Freemake Video Converter version 4.0.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)
    Freenet (HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\Freenet) (Version: - )
    FreeOTFE (HKLM-x32\...\FreeOTFE) (Version: - Sarah Dean)
    Google Chrome (HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google SketchUp 8 (HKLM-x32\...\{1292B4A7-C072-413A-B1D0-A1BE7FB516B9}) (Version: 3.0.11758 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Grabber version 3.2.1 (HKLM-x32\...\{8C007AE6-3F7D-41CC-AB7C-75C08C276EC8}_is1) (Version: 3.2.1 - Bionus)
    iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.8.2414.748 - )
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    iPhone Backup Utility (HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\b668971250794e8a) (Version: 1.0.0.6 - Inforall.net Software)
    iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
    Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version: - )
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Logiciel d'archivage WinRAR (HKLM\...\WinRAR archiver) (Version: - )
    Ma-Config.com (HKLM-x32\...\{5490454C-6DAF-464D-9C51-2AA7E34DDD7D}) (Version: 5.2.018 - Cybelsoft)
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
    Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft RichCopy 4.0 (HKLM-x32\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.216 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    MKVtoolnix 3.2.0 (HKLM-x32\...\MKVtoolnix) (Version: 3.2.0 - Moritz Bunkus)
    Module de compatibilité pour Microsoft Office System 2007 (HKLM-x32\...\{90120000-0020-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Mozilla Firefox 33.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 fr)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    Mozilla Thunderbird 10.0.2 (x86 fr) (HKLM-x32\...\Mozilla Thunderbird 10.0.2 (x86 fr)) (Version: 10.0.2 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 7 Ultra Edition (HKLM-x32\...\{06024F70-15BC-4447-B53A-F1A7BBA21033}) (Version: 7.02.6387 - Nero AG)
    OpenSSL 1.0.1c (32-bit) (HKLM-x32\...\OpenSSL (32-bit)_is1) (Version: - OpenSSL Win32 Installer Team)
    paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
    PDF Reader for Windows 7 (HKLM-x32\...\PDF Reader for Windows_is1) (Version: - PDFLogic Corporation)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
    Ri4m v5.0.1d (HKLM-x32\...\Ri4m v5.0.1d) (Version: - )
    Ripp-It Codec Pack v 4.2.7 (HKLM-x32\...\Ripp-It Codec Pack) (Version: v 4.2.7 - Ripp-It Te@m)
    SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.18.0 - Synaptics)
    Technitium MAC Address Changer v6.0.5 (HKLM-x32\...\TMACv6.0) (Version: 6.0.5 - Technitium)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
    WD My Cloud (HKLM\...\{9F78524D-D5CD-4BC6-9A26-5F24265C5C30}) (Version: 1.0.5.41 - Western Digital Technologies, Inc.)
    What's my computer doing 1.xx (HKLM-x32\...\{3F702F22-A623-4B6A-41BD-420700558223}_is1) (Version: - ITSTH)
    Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
    Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
    XMedia Recode version 3.1.1.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.1.8 - XMedia Recode)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-194893992-623586184-2154427634-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-194893992-623586184-2154427634-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tony\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    27-11-2014 13:00:09 Scheduled Checkpoint
    27-11-2014 13:42:25 Windows Update
    01-12-2014 21:46:03 Windows Update
    01-12-2014 21:48:18 Removed iPhoneBrowser

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2014-09-11 08:16 - 00001113 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 search.namequery.com
    127.0.0.1 search.us.namequery.com
    127.0.0.1 search64.namequery.com
    127.0.0.1 bh.namequery.com
    127.0.0.1 namequery.nettrace.co.za
    127.0.0.1 search2.namequery.com
    127.0.0.1 m229.absolute.com
    127.0.0.1 m*.absolute.com
    127.0.0.1 209.53.113.223


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {122ED7F6-0E3B-41BD-A20F-FCC81049DB88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {3273D6E7-164C-47B6-8F25-3E483CB1A390} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-21] (Adobe Systems Incorporated)
    Task: {4771B487-4480-42A0-8CF1-C1EDCFB375D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {50729719-F262-4548-8224-1A42B5F82F58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {88FFFE33-BE9A-4046-AD03-F82DE1981ACC} - \BitGuard No Task File <==== ATTENTION
    Task: {8F0D1BF9-B6CF-4ED8-8146-FA27DA2308DB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {9CB7ED81-6A70-4A9C-82DA-8941943D19FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
    Task: {A63DE0CE-74ED-436B-8C23-5F2DAE1688D3} - \EPUpdater No Task File <==== ATTENTION
    Task: {D915BCBC-4337-49F8-B12C-175B1E12C77C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-194893992-623586184-2154427634-1003Core => C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25] (Google Inc.)
    Task: {EAA0665C-48D1-478B-B1FB-8E665B4F4BF2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-194893992-623586184-2154427634-1003UA => C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-194893992-623586184-2154427634-1003Core.job => C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-194893992-623586184-2154427634-1003UA.job => C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-04-14 01:41 - 2011-04-14 01:41 - 00034304 _____ () C:\Windows\System32\ssb3ml6.dll
    2008-09-09 10:22 - 2008-09-09 10:22 - 00022016 _____ () C:\Windows\System32\sst1cl6.dll
    2010-12-30 07:25 - 2011-04-14 01:40 - 00968192 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssb3mdu.dll
    2012-10-31 16:56 - 2008-06-26 19:09 - 00167936 _____ () C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
    2014-05-14 11:03 - 2012-03-31 23:06 - 02689536 _____ () C:\Program Files\File Shredder\fsshell.dll
    2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2012-02-14 22:13 - 2012-02-14 22:13 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
    2014-10-17 03:10 - 2014-10-17 03:10 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
    2012-03-20 11:12 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    AlternateDataStreams: C:\Users\Tony\Documents:{2C848322-7882-41E2-AFF6-B060B946FEE9}3
    AlternateDataStreams: C:\Users\Tony\My Documents:{2C848322-7882-41E2-AFF6-B060B946FEE9}3

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: maconfservice => 3
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: TapiSrv => 3
    MSCONFIG\Services: WPCSvc => 3
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^What's my computer doing.lnk => C:\Windows\pss\What's my computer doing.lnk.CommonStartup
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: avast5 => "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Google Update => "C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-194893992-623586184-2154427634-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-194893992-623586184-2154427634-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-194893992-623586184-2154427634-1002 - Limited - Enabled)
    Tony (S-1-5-21-194893992-623586184-2154427634-1003 - Administrator - Enabled) => C:\Users\Tony

    ==================== Faulty Device Manager Devices =============

    Name: Contrôleur de stockage de masse
    Description: Contrôleur de stockage de masse
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/01/2014 10:49:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

    System Error:
    The system cannot find the file specified.
    .

    Error: (12/01/2014 10:46:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

    System Error:
    The system cannot find the file specified.
    .

    Error: (11/30/2014 10:55:18 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: La création du contexte d’activation a échoué pour « C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ». Erreur dans le fichier de manifeste ou de stratégie « C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 » à la ligne C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active.
    Les composants en conflit sont :
    Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (11/30/2014 06:58:09 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: La création du contexte d’activation a échoué pour « C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ». Erreur dans le fichier de manifeste ou de stratégie « C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 » à la ligne C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active.
    Les composants en conflit sont :
    Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (11/30/2014 10:41:36 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante PSIA.exe, version : 3.0.0.9016, horodatage : 0x52a1d50f
    Nom du module défaillant : ntdll.dll, version : 6.1.7601.18247, horodatage : 0x521ea8e7
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x000332b0
    ID du processus défaillant : 0x1070
    Heure de début de l’application défaillante : 0xPSIA.exe0
    Chemin d’accès de l’application défaillante : PSIA.exe1
    Chemin d’accès du module défaillant: PSIA.exe2
    ID de rapport : PSIA.exe3

    Error: (11/20/2014 02:21:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante PSIA.exe, version : 3.0.0.9016, horodatage : 0x52a1d50f
    Nom du module défaillant : ntdll.dll, version : 6.1.7601.18247, horodatage : 0x521ea8e7
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x000332b0
    ID du processus défaillant : 0xb50
    Heure de début de l’application défaillante : 0xPSIA.exe0
    Chemin d’accès de l’application défaillante : PSIA.exe1
    Chemin d’accès du module défaillant: PSIA.exe2
    ID de rapport : PSIA.exe3

    Error: (11/18/2014 00:00:45 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante plugin-container.exe, version : 30.0.0.5269, horodatage : 0x53914233
    Nom du module défaillant : mozalloc.dll, version : 30.0.0.5269, horodatage : 0x53911393
    Code d’exception : 0x80000003
    Décalage d’erreur : 0x0000141b
    ID du processus défaillant : 0x111c
    Heure de début de l’application défaillante : 0xplugin-container.exe0
    Chemin d’accès de l’application défaillante : plugin-container.exe1
    Chemin d’accès du module défaillant: plugin-container.exe2
    ID de rapport : plugin-container.exe3

    Error: (11/17/2014 07:34:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante RichCopy64.exe, version : 4.0.217.0, horodatage : 0x4a2fa7b5
    Nom du module défaillant : RichCopy64.exe, version : 4.0.217.0, horodatage : 0x4a2fa7b5
    Code d’exception : 0xc000041d
    Décalage d’erreur : 0x0000000000091c3e
    ID du processus défaillant : 0x133c
    Heure de début de l’application défaillante : 0xRichCopy64.exe0
    Chemin d’accès de l’application défaillante : RichCopy64.exe1
    Chemin d’accès du module défaillant: RichCopy64.exe2
    ID de rapport : RichCopy64.exe3

    Error: (11/17/2014 07:33:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nom de l’application défaillante RichCopy64.exe, version : 4.0.217.0, horodatage : 0x4a2fa7b5
    Nom du module défaillant : RichCopy64.exe, version : 4.0.217.0, horodatage : 0x4a2fa7b5
    Code d’exception : 0xc0000005
    Décalage d’erreur : 0x0000000000091c3e
    ID du processus défaillant : 0x133c
    Heure de début de l’application défaillante : 0xRichCopy64.exe0
    Chemin d’accès de l’application défaillante : RichCopy64.exe1
    Chemin d’accès du module défaillant: RichCopy64.exe2
    ID de rapport : RichCopy64.exe3

    Error: (11/10/2014 09:18:43 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: Impossible d’initialiser l’index.


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


    System errors:
    =============
    Error: (12/01/2014 11:18:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/01/2014 11:17:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Le service DgiVecp n’a pas pu démarrer en raison de l’erreur :
    %%2

    Error: (12/01/2014 11:13:56 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: Le service Windows Modules Installer ne s’est pas fermé correctement après avoir reçu une commande d’anticipation de fermeture.

    Error: (12/01/2014 07:16:06 PM) (Source: iaStor) (EventID: 9) (User: )
    Description: Le périphérique \Device\Ide\iaStor0 n'a pas répondu dans le délai imparti.

    Error: (12/01/2014 04:31:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Le service Computer Browser dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
    %%1058

    Error: (12/01/2014 04:31:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Le service Computer Browser dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
    %%1058

    Error: (12/01/2014 04:31:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Le service Computer Browser dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
    %%1058

    Error: (12/01/2014 04:31:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Le service Computer Browser dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
    %%1058

    Error: (12/01/2014 04:31:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Le service Computer Browser dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
    %%1058

    Error: (12/01/2014 04:31:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Le service Computer Browser dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
    %%1058


    Microsoft Office Sessions:
    =========================
    Error: (10/14/2014 03:24:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6612.1000. This session lasted 837 seconds with 180 seconds of active time. This session ended with a crash.


    CodeIntegrity Errors:
    ===================================
    Date: 2012-10-27 17:47:00.284
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\FreeOTFE.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2012-10-27 17:46:59.941
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\FreeOTFE.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2012-10-27 17:46:59.629
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\FreeOTFECypherBlowfish.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2012-10-27 17:46:59.317
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\FreeOTFECypherBlowfish.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2012-10-27 17:46:58.990
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\FreeOTFEHashMD.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2012-10-27 17:46:58.662
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\FreeOTFEHashMD.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2012-10-27 17:46:58.303
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\FreeOTFEHashSHA.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2012-10-27 17:46:57.976
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\FreeOTFEHashSHA.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2012-10-27 17:46:57.632
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\FreeOTFEHashWhirlpool.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

    Date: 2012-10-27 17:46:57.305
    Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\FreeOTFEHashWhirlpool.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz
    Percentage of memory in use: 54%
    Total physical RAM: 2046.43 MB
    Available physical RAM: 928.95 MB
    Total Pagefile: 4092.86 MB
    Available Pagefile: 2376.16 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:74.52 GB) (Free:12.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (Data) (Fixed) (Total:73.06 GB) (Free:4.16 GB) NTFS
    Drive j: (TOSHIBA EXT) (Fixed) (Total:1863.01 GB) (Free:328.86 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: B113CA26)
    Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=73.1 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 3A86C879)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    I realise that all the system warnings are in French... if it is a problem I can do my best to translate them for you!!!

    Thank you for your help.

    Anthony

  5. #5
    Member
    Join Date
    Dec 2014
    Posts
    22
    Points
    0

    Default

    Sorry ZEP516, I mis-spelled your name.
    I don't know where you are located; I live in France and it is half past midnight now.
    I am telling you that because, since I am going to get some rest, I will not be able to answer during the following 7 hours.
    Thank you again for your help.
    Anthony

  6. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    OK,

    6 hour difference, you're ahead of me. I'm in Pittsburgh, PA, United States of America, on Eastern daylight time.

    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
    start
    CloseProcesses:
    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
    Task: {88FFFE33-BE9A-4046-AD03-F82DE1981ACC} - \BitGuard No Task File <==== ATTENTION
    Task: {A63DE0CE-74ED-436B-8C23-5F2DAE1688D3} - \EPUpdater No Task File <==== ATTENTION
    AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    AlternateDataStreams: C:\Users\Tony\Documents:{2C848322-7882-41E2-AFF6-B060B946FEE9}3
    AlternateDataStreams: C:\Users\Tony\My Documents:{2C848322-7882-41E2-AFF6-B060B946FEE9}3
    HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\MountPoints2: {59be9c57-b541-11e0-8679-cafb50e577b4} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\MountPoints2: {cfe78379-ec9a-11e1-9ca7-001b38ae0541} - F:\unlock.exe autoplay=true
    HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\MountPoints2: {de7e045d-a5b5-11e2-a1a5-0214e0fccbcf} - I:\Setup.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-194893992-623586184-2154427634-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
    S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO.SYS [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    
    Emptytemp:
    reboot:
    end
    Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (Must be in this location)
    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


    After you post the Fixlog.txt.


    Then
    You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.


    1. Close any open browsers or any other programs that are open.
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See here how to disable your security protection (Anti Virus).

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

    "information and logs"

    In your next post I need the following :

    >>>Log from Combofix<<<<< Please post it to me.
    Last edited by zep516; 12-01-2014 at 06:06 PM.

  7. #7
    Member
    Join Date
    Dec 2014
    Posts
    22
    Points
    0

    Default

    Good Morning ZEP516.

    I am in Lyon, France.

    I did the FRST procedure, but I encountered a problem: while it was fixing the problems with the code you provided, Kaspersky antivirus started and detected it as a threat, blocked FRST from running and deleted the executable FRST file from the desktop.
    I stopped Kaspersky from running and had to reboot the computer because I couldn't stop FRST or Kaspersky from the task manager and both of them were tagged as "not responding".
    I reloaded FRST from the link you gave me and ran it again. It worked fine, rebooted the computer, and gave me the following log file:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014
    Ran by Tony at 2014-12-02 09:38:12 Run:3
    Running from C:\Users\Tony\Desktop
    Loaded Profile: Tony (Available profiles: Tony & Administrator)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
    Task: {88FFFE33-BE9A-4046-AD03-F82DE1981ACC} - \BitGuard No Task File <==== ATTENTION
    Task: {A63DE0CE-74ED-436B-8C23-5F2DAE1688D3} - \EPUpdater No Task File <==== ATTENTION
    AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    AlternateDataStreams: C:\Users\Tony\Documents:{2C848322-7882-41E2-AFF6-B060B946FEE9}3
    AlternateDataStreams: C:\Users\Tony\My Documents:{2C848322-7882-41E2-AFF6-B060B946FEE9}3
    HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\MountPoints2: {59be9c57-b541-11e0-8679-cafb50e577b4} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\MountPoints2: {cfe78379-ec9a-11e1-9ca7-001b38ae0541} - F:\unlock.exe autoplay=true
    HKU\S-1-5-21-194893992-623586184-2154427634-1003\...\MountPoints2: {de7e045d-a5b5-11e2-a1a5-0214e0fccbcf} - I:\Setup.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-194893992-623586184-2154427634-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
    S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO.SYS [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    Emptytemp:
    reboot:
    end
    *****************

    Processes closed successfully.

    L'opération a réussi.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88FFFE33-BE9A-4046-AD03-F82DE1981ACC}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88FFFE33-BE9A-4046-AD03-F82DE1981ACC}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A63DE0CE-74ED-436B-8C23-5F2DAE1688D3}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A63DE0CE-74ED-436B-8C23-5F2DAE1688D3}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => Key deleted successfully.
    C:\Windows\System32 => ":{4B9A1497-0817-47C4-9612-D6A1C53ACF57}" ADS removed successfully.
    "C:\Users\Tony\Documents" => ":{2C848322-7882-41E2-AFF6-B060B946FEE9}3" ADS not found.
    "C:\Users\Tony\My Documents" => ":{2C848322-7882-41E2-AFF6-B060B946FEE9}3" ADS not found.
    "HKU\S-1-5-21-194893992-623586184-2154427634-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59be9c57-b541-11e0-8679-cafb50e577b4}" => Key deleted successfully.
    "HKCR\CLSID\{59be9c57-b541-11e0-8679-cafb50e577b4}" => Key not found.
    "HKU\S-1-5-21-194893992-623586184-2154427634-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfe78379-ec9a-11e1-9ca7-001b38ae0541}" => Key deleted successfully.
    "HKCR\CLSID\{cfe78379-ec9a-11e1-9ca7-001b38ae0541}" => Key not found.
    "HKU\S-1-5-21-194893992-623586184-2154427634-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de7e045d-a5b5-11e2-a1a5-0214e0fccbcf}" => Key deleted successfully.
    "HKCR\CLSID\{de7e045d-a5b5-11e2-a1a5-0214e0fccbcf}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
    "HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => Key deleted successfully.
    "HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}" => Key deleted successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-194893992-623586184-2154427634-1003\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
    "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    "HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
    DgiVecp => Service deleted successfully.
    NDSPCIIO => Service deleted successfully.
    Synth3dVsc => Service deleted successfully.
    tsusbhub => Service deleted successfully.
    VGPU => Service deleted successfully.
    EmptyTemp: => Removed 401.1 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

    -----------------------------------------------------------------------------------------------------------------------------

    Then I downloaded ComboFix from the first link and ran it (because the Kaspersky antivirus is still disabled).
    It gave me 2 warnings:

    the first one said:
    "ComboFix has detected that the following real time scanner(s) to be active
    antivirus Baidu Antivirus
    Antivirus and intrusion prevention programs are known to interfere with ComboFix running. This may lead to unpredictable results or possible machine damage.

    Please disable these scanners before clicking 'OK'"

    I removed Baidu antivirus a few days ago... so I checked in the task manager if I saw anything but haven't found anything...
    So I clicked OK.

    Then a second popup screen appeared saying:

    "antivirus: Baidu Antivirus
    The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk."

    I clicked OK and ComboFix ran without problem.

    It restarted the computer and finished its task by producing the following log:

    ComboFix 14-12-01.01 - Tony 02/12/2014 10:06:50.1.2 - x64
    Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.1.1033.18.2046.871 [GMT 1:00]
    Running from: c:\users\Tony\Desktop\ComboFix.exe
    AV: Baidu Antivirus *Enabled/Updated* {10616E6C-0E20-8594-D377-A7D03F6128A6}
    SP: Baidu Antivirus *Disabled/Updated* {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\ma-config.com
    c:\program files (x86)\ma-config.com\config.xml
    c:\program files (x86)\ma-config.com\CPUID\cpuidsdk.dll
    c:\program files (x86)\ma-config.com\Drivers\driverhardwarev2.sys
    c:\program files (x86)\ma-config.com\Drivers\driverhardwarev2ia64.sys
    c:\program files (x86)\ma-config.com\Drivers\driverhardwarev2x64.cat
    c:\program files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys
    c:\program files (x86)\ma-config.com\Drivers\matos9x.vxd
    c:\program files (x86)\ma-config.com\Langues\LangueMC_ar.xml
    c:\program files (x86)\ma-config.com\Langues\LangueMC_de.xml
    c:\program files (x86)\ma-config.com\Langues\LangueMC_en.xml
    c:\program files (x86)\ma-config.com\Langues\LangueMC_es.xml
    c:\program files (x86)\ma-config.com\Langues\LangueMC_fr.xml
    c:\program files (x86)\ma-config.com\Langues\LangueMC_pt.xml
    c:\program files (x86)\ma-config.com\Langues\LangueMC_ru.xml
    c:\program files (x86)\ma-config.com\ma-config.html
    c:\program files (x86)\ma-config.com\maconfservice.exe
    c:\program files (x86)\ma-config.com\MCATLActiveX.dll
    c:\program files (x86)\ma-config.com\MCBCL.dll
    c:\program files (x86)\ma-config.com\MCNoyau.dll
    c:\program files (x86)\ma-config.com\MCrypt.dll
    c:\program files (x86)\ma-config.com\MCSettings.exe
    c:\program files (x86)\ma-config.com\MCStubUser.exe
    c:\program files (x86)\ma-config.com\nphardwaredetection.dll
    c:\program files (x86)\ma-config.com\sqlite3.dll
    c:\program files (x86)\ma-config.com\StartDetection.html
    c:\program files (x86)\SafeSaver
    c:\programdata\ma-config.com
    c:\programdata\ma-config.com\Logs\activex.txt
    c:\programdata\ma-config.com\Logs\maconfservice.txt
    c:\programdata\ma-config.com\Logs\mcstubuser.txt
    c:\programdata\ma-config.com\Logs\npapi.txt
    c:\programdata\ma-config.com\mcbase.db
    c:\users\Tony\AppData\Roaming\dvdae
    c:\users\Tony\AppData\Roaming\dvdae\dvdae.lic
    J:\install.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_driverhardwarev2x64
    -------\Legacy_driverhardwarev2x64
    -------\Service_driverhardwarev2x64
    -------\Service_maconfservice
    -------\Service_driverhardwarev2x64
    -------\Service_maconfservice
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-02 to 2014-12-02 )))))))))))))))))))))))))))))))
    .
    .
    2014-12-01 23:06 . 2014-12-02 08:39 -------- d-----w- C:\FRST
    2014-12-01 21:45 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-12-01 21:45 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-12-01 15:24 . 2013-05-06 08:13 110176 ----a-w- c:\windows\system32\klfphc.dll
    2014-12-01 15:22 . 2014-12-01 15:22 -------- d-----w- c:\windows\ELAMBKUP
    2014-12-01 15:22 . 2014-12-01 15:22 -------- d-----w- c:\program files (x86)\Kaspersky Lab
    2014-12-01 15:22 . 2014-12-02 09:23 -------- d-----w- c:\programdata\Kaspersky Lab
    2014-12-01 15:21 . 2014-12-01 15:38 793800 ----a-w- c:\windows\system32\drivers\klif.sys
    2014-12-01 15:21 . 2014-12-01 15:38 141320 ----a-w- c:\windows\system32\drivers\klflt.sys
    2014-12-01 15:21 . 2014-04-10 16:25 243808 ----a-w- c:\windows\system32\drivers\klhk.sys
    2014-12-01 08:47 . 2014-12-01 08:47 -------- d-----w- C:\SUPERDelete
    2014-12-01 08:46 . 2014-12-01 08:46 -------- d-----w- c:\users\Tony\AppData\Roaming\SUPERAntiSpyware.com
    2014-12-01 08:45 . 2014-12-01 08:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2014-11-30 21:48 . 2014-11-30 21:48 -------- d-----w- c:\users\Tony\AppData\Roaming\Baidu
    2014-11-30 17:57 . 2014-11-30 17:57 2347384 ----a-w- C:\esetsmartinstaller_enu.exe
    2014-11-30 17:35 . 2014-11-30 17:36 416576 ----a-w- C:\kasp secur scan setup.exe
    2014-11-30 10:10 . 2014-11-30 10:10 333056 ----a-w- C:\pjjoint_uploader (1).exe
    2014-11-30 10:06 . 2014-11-30 10:06 388608 ----a-w- C:\HijackThis.exe
    2014-11-30 10:01 . 2014-11-30 10:02 333056 ----a-w- C:\pjjoint_uploader.exe
    2014-11-28 13:03 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{333097B9-627E-424A-B3BD-E07D6000DECB}\mpengine.dll
    2014-11-20 12:26 . 2014-11-20 12:26 -------- d-----w- c:\users\Tony\AppData\Local\Secunia PSI
    2014-11-20 12:25 . 2014-11-20 12:25 -------- d-----w- c:\program files (x86)\Secunia
    2014-11-19 16:19 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-19 16:19 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-19 16:19 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-19 16:19 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-19 15:41 . 2014-11-19 15:32 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-11-19 15:38 . 2014-11-19 15:38 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-11-18 08:48 . 2014-11-30 21:52 -------- d-----w- c:\programdata\Baidu Security
    2014-11-18 08:48 . 2014-11-18 08:48 -------- d-----w- c:\programdata\baidu
    2014-11-18 08:47 . 2014-11-18 08:47 -------- d-----w- c:\program files (x86)\Baidu Security
    2014-11-18 08:25 . 2014-11-18 08:25 -------- d-s---w- c:\windows\SysWow64\Microsoft
    2014-11-17 18:09 . 2014-11-17 18:09 -------- d-----w- c:\program files (x86)\Microsoft Rich Tools
    2014-11-17 18:07 . 2014-11-17 18:07 -------- d-----w- C:\HoffmanUtilitySpotlight
    2014-11-17 17:15 . 2014-11-18 08:21 -------- d-----w- c:\users\Tony\AppData\Roaming\DigitalVolcano
    2014-11-17 16:17 . 2009-12-06 13:13 1145096 ----a-w- C:\imddup.exe
    2014-11-17 16:17 . 2004-04-16 11:10 229376 ----a-w- C:\libjasper.dll
    2014-11-17 14:25 . 2014-09-19 09:42 342016 ----a-w- c:\windows\system32\schannel.dll
    2014-11-17 14:25 . 2014-09-19 09:42 309760 ----a-w- c:\windows\system32\ncrypt.dll
    2014-11-17 14:25 . 2014-09-19 09:23 248832 ----a-w- c:\windows\SysWow64\schannel.dll
    2014-11-17 14:25 . 2014-09-19 09:23 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2014-11-17 14:25 . 2014-09-19 09:42 210944 ----a-w- c:\windows\system32\wdigest.dll
    2014-11-17 14:25 . 2014-09-19 09:42 314880 ----a-w- c:\windows\system32\msv1_0.dll
    2014-11-17 14:25 . 2014-09-19 09:23 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2014-11-17 14:25 . 2014-09-19 09:42 86528 ----a-w- c:\windows\system32\TSpkg.dll
    2014-11-17 14:25 . 2014-09-19 09:23 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
    2014-11-17 14:25 . 2014-09-19 09:23 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
    2014-11-17 14:25 . 2014-09-19 09:42 22016 ----a-w- c:\windows\system32\credssp.dll
    2014-11-17 14:25 . 2014-09-19 09:23 17408 ----a-w- c:\windows\SysWow64\credssp.dll
    2014-11-17 14:24 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-11-17 14:24 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-11-17 14:24 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-11-17 14:24 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    2014-11-17 14:24 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-11-17 14:24 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-11-17 14:24 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-11-17 14:24 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-11-17 14:24 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-11-17 14:23 . 2014-11-06 03:12 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-11-17 14:23 . 2014-11-06 03:09 276480 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
    2014-11-17 14:23 . 2014-11-06 03:30 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-11-17 14:23 . 2014-11-06 03:54 49664 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
    2014-11-17 14:23 . 2014-11-06 03:46 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-11-17 14:23 . 2014-11-06 04:04 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-17 14:23 . 2014-11-06 03:35 34304 ----a-w- c:\windows\system32\iernonce.dll
    2014-11-17 14:23 . 2014-11-06 03:02 221184 ----a-w- c:\program files (x86)\Internet Explorer\ielowutil.exe
    2014-11-17 14:23 . 2014-11-06 02:41 716800 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-11-17 14:21 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2014-11-17 14:21 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
    2014-11-17 14:21 . 2014-08-21 06:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-11-17 14:21 . 2014-08-21 06:23 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2014-11-17 14:21 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
    2014-11-17 14:21 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
    2014-11-17 14:21 . 2014-10-03 02:12 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-11-17 14:21 . 2014-10-03 01:44 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
    2014-11-17 14:21 . 2014-10-03 02:11 680960 ----a-w- c:\windows\system32\audiosrv.dll
    2014-11-17 14:20 . 2014-10-03 02:11 440832 ----a-w- c:\windows\system32\AudioEng.dll
    2014-11-17 14:20 . 2014-10-03 02:11 284672 ----a-w- c:\windows\system32\EncDump.dll
    2014-11-17 14:20 . 2014-10-03 02:11 296448 ----a-w- c:\windows\system32\AudioSes.dll
    2014-11-17 14:20 . 2014-10-03 01:44 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
    2014-11-17 14:20 . 2014-10-03 01:44 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
    2014-11-17 14:20 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
    2014-11-17 14:20 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-11-17 14:20 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-11-17 14:16 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-11-17 14:16 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-11-17 14:03 . 2014-11-17 14:03 -------- d-----w- c:\program files (x86)\Renegade Minds
    2014-11-06 14:01 . 2014-11-21 21:36 -------- d-----w- c:\users\Tony\AppData\Roaming\I2P
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-01 11:00 . 2014-07-06 08:17 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-17 23:06 . 2010-12-19 02:02 103374192 ----a-w- c:\windows\system32\MRT.exe
    2014-11-17 15:53 . 2014-04-04 10:26 40960 ----a-w- c:\windows\DelPiv.exe
    2014-11-04 13:30 . 2010-12-19 01:55 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-10-21 07:31 . 2012-06-18 22:10 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-10-21 07:31 . 2011-06-19 17:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-10-01 09:11 . 2014-07-06 08:17 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-10-01 09:11 . 2014-07-06 08:17 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-01 09:11 . 2012-09-27 08:57 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-09-25 02:08 . 2014-10-20 21:25 371712 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-25 01:40 . 2014-10-20 21:25 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
    2014-09-09 22:11 . 2014-10-20 21:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-09-09 21:47 . 2014-10-20 21:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-09-09 08:23 . 2011-10-04 18:35 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-09-05 02:11 . 2014-10-23 16:13 6584320 ----a-w- c:\windows\system32\mstscax.dll
    2014-09-05 01:52 . 2014-10-23 16:13 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
    2014-09-04 05:23 . 2014-10-16 07:56 424448 ----a-w- c:\windows\system32\rastls.dll
    2014-09-04 05:04 . 2014-10-16 07:56 372736 ----a-w- c:\windows\SysWow64\rastls.dll
    2009-02-13 09:02 . 2009-02-13 09:02 80896 ----a-w- c:\program files\devcon_amd64.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R1 FreeOTFE;FreeOTFE;c:\windows\System32\FreeOTFE.sys;c:\windows\SYSNATIVE\FreeOTFE.sys [x]
    R1 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;c:\windows\System32\FreeOTFECypherBlowfish.sys;c:\windows\SYSNATIVE\FreeOTFECypherBlowfish.sys [x]
    R1 FreeOTFEHashMD;FreeOTFEHashMD;c:\windows\System32\FreeOTFEHashMD.sys;c:\windows\SYSNATIVE\FreeOTFEHashMD.sys [x]
    R1 FreeOTFEHashSHA;FreeOTFEHashSHA;c:\windows\System32\FreeOTFEHashSHA.sys;c:\windows\SYSNATIVE\FreeOTFEHashSHA.sys [x]
    R1 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;c:\windows\System32\FreeOTFEHashWhirlpool.sys;c:\windows\SYSNATIVE\FreeOTFEHashWhirlpool.sys [x]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    R3 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;c:\windows\System32\FreeOTFECypherAES_ltc.sys;c:\windows\SYSNATIVE\FreeOTFECypherAES_ltc.sys [x]
    R3 FreeOTFECypherCAST5;FreeOTFECypherCAST5;c:\windows\System32\FreeOTFECypherCAST5.sys;c:\windows\SYSNATIVE\FreeOTFECypherCAST5.sys [x]
    R3 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;c:\windows\System32\FreeOTFECypherCAST6_Gladman.sys;c:\windows\SYSNATIVE\FreeOTFECypherCAST6_Gladman.sys [x]
    R3 FreeOTFECypherDES;FreeOTFECypherDES;c:\windows\System32\FreeOTFECypherDES.sys;c:\windows\SYSNATIVE\FreeOTFECypherDES.sys [x]
    R3 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;c:\windows\System32\FreeOTFECypherMARS_Gladman.sys;c:\windows\SYSNATIVE\FreeOTFECypherMARS_Gladman.sys [x]
    R3 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;c:\windows\System32\FreeOTFECypherRC6_ltc.sys;c:\windows\SYSNATIVE\FreeOTFECypherRC6_ltc.sys [x]
    R3 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;c:\windows\System32\FreeOTFECypherSerpent_Gladman.sys;c:\windows\SYSNATIVE\FreeOTFECypherSerpent_Gladman.sys [x]
    R3 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;c:\windows\System32\FreeOTFECypherTwofish_ltc.sys;c:\windows\SYSNATIVE\FreeOTFECypherTwofish_ltc.sys [x]
    R3 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;c:\windows\System32\FreeOTFEHashRIPEMD.sys;c:\windows\SYSNATIVE\FreeOTFEHashRIPEMD.sys [x]
    R3 FreeOTFEHashTiger;FreeOTFEHashTiger;c:\windows\System32\FreeOTFEHashTiger.sys;c:\windows\SYSNATIVE\FreeOTFEHashTiger.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\NxDrv.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
    R3 SeqCal;SeqCal;c:\windows\system32\DRIVERS\SeqCal.sys;c:\windows\SYSNATIVE\DRIVERS\SeqCal.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    R4 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
    S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
    S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
    S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
    S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [x]
    S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
    S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\DRIVERS\ts_athwx.sys;c:\windows\SYSNATIVE\DRIVERS\ts_athwx.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 07:31]
    .
    2014-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-15 14:38]
    .
    2014-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-15 14:38]
    .
    2014-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-194893992-623586184-2154427634-1003Core.job
    - c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 07:59]
    .
    2014-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-194893992-623586184-2154427634-1003UA.job
    - c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 07:59]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1533736]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Ajouter à l'Anti-bannière - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\sp7bj24i.default\
    FF - prefs.js: browser.search.defaulturl - hxxps://fr.search.yahoo.com/yhs/search
    FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
    FF - prefs.js: browser.startup.homepage - hxxps://fr.yahoo.com?fr=hp-avast&type=avastbcl
    FF - prefs.js: keyword.URL - hxxps://fr.search.yahoo.com/yhs/search
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 4446
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 4444
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 4445
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
    c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    .
    **************************************************************************
    .
    Completion time: 2014-12-02 10:31:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-12-02 09:31
    .
    Pre-Run: 12*940*259*328 octets libres
    Post-Run: 12*040*986*624 octets libres
    .
    - - End Of File - - 0C132BA3A273BEE9EBF742D3CD87837D

    -----------------------------------------------------------------------------------------------------------------------------

    I think you must still be asleep now, so I am going to use the computer for a few hours to give you feedback about the changes.

    Thank you for your help.

    Anthony

  8. #8
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hello,

    I'm going to work. I'll look at this when I get home usually at 3pm USA time.

    Don't do anything to the computer.

    How is the computer now?

    Joe

  9. #9
    Member
    Join Date
    Dec 2014
    Posts
    22
    Points
    0

    Default

    Hello Joe.

    I worked a bit with the computer (internet access with CHROME and opened a few documents).
    First of all, the hard disk is not accessed as often and the overall speed (response time) of the machine seems to be much better.
    I launched another HijackThis to have a report and sent it through an automatic report checking website (HijackThis Logfileauswertung) which reports a lot of:
    "This entry is not running from the System32 folder, so it is probably nasty. This service (svchost.exe) seems to be nasty.
    This process is not running from the System32 folder as it is supposed to be."

    Since it is an automatic check, I am not sure of the results given...

    For your information, I still have svchost processes that run and access the hard drive. If I run, under DOS, tasklist /svc /fi "imagename eq svchost.exe"
    then I obtain the following:

    Nom de l'image PID Services
    ========================= ======== ============================================
    svchost.exe 952 DcomLaunch, PlugPlay, Power
    svchost.exe 1020 RpcEptMapper, RpcSs
    svchost.exe 872 AudioSrv, Dhcp, eventlog,
    HomeGroupProvider, lmhosts, wscsvc
    svchost.exe 1036 AudioEndpointBuilder, CscService,
    HomeGroupListener, IPBusEnum, Netman,
    PcaSvc, TrkWks, UxSms, Wlansvc
    svchost.exe 1084 EventSystem, fdPHost, FontCache, netprofm,
    nsi, SstpSvc, WdiServiceHost
    svchost.exe 1120 Browser, EapHost, IKEEXT, iphlpsvc,
    LanmanServer, ProfSvc, Schedule, seclogon,
    SENS, ShellHWDetection, Themes, Winmgmt,
    wuauserv
    svchost.exe 1220 gpsvc
    svchost.exe 1404 CryptSvc, Dnscache, LanmanWorkstation,
    NlaSvc
    svchost.exe 1640 BFE, DPS, MpsSvc
    svchost.exe 1896 Pml Driver HPZ12
    svchost.exe 1960 stisvc
    svchost.exe 1980 SysMain
    svchost.exe 2024 WinDefend
    svchost.exe 3216 PolicyAgent
    svchost.exe 756 FDResPub, SSDPSRV, wcncsvc
    svchost.exe 3104 p2pimsvc, p2psvc, PNRPsvc

    Lastly, I see that Chrome is also accessing the hard drive a lot even if there is only one tab open (on Help2Go Forums - Welcome to Help2Go!) and I am not using it...

    I'll be looking for your message. Have a good day.

    Anthony

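The automatic log analyser quoted in the post above flags every svchost.exe it cannot place in System32, which is why its verdict is worth double-checking by hand. The script below is an added example for this thread, not something the helper or the original poster ran: it walks every running svchost.exe, records the image path, checks whether that path is one of the two legitimate locations (System32, or SysWOW64 for 32-bit service hosts on x64), looks up the services each instance hosts (the same data `tasklist /svc` printed), and reads the Authenticode signature. It assumes an elevated Windows PowerShell prompt, because the image path of SYSTEM-owned processes is hidden from a non-elevated session, and it uses Get-WmiObject so that it also runs on the PowerShell 2.0 that shipped with Windows 7.

```powershell
# Added example (not from the thread): sanity-check every svchost.exe instance
# the way the automatic HijackThis analyser tried to, but with the facts
# a defender actually needs: image path, hosted services, signature.
# Assumption: run from an elevated Windows PowerShell prompt.

# The only two places a genuine svchost.exe lives on an x64 Windows install.
$legitPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

function Test-SvchostInstances {
    foreach ($p in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
        # $p.Path is $null when the session is not elevated and the process is SYSTEM-owned.
        $path = $p.Path

        # Services registered as running inside this PID (what "tasklist /svc" shows).
        $svcs = Get-WmiObject -Class Win32_Service -Filter "ProcessId = $($p.Id)" |
                ForEach-Object { $_.Name }

        # Signature check. Caveat: on Windows 7 most system binaries are catalog-signed,
        # not embedded-signed, so this can report NotSigned for a genuine file; treat
        # the path check and the service list as the primary signals there.
        $sigStatus = $null
        $signer    = $null
        if ($path) {
            $sig       = Get-AuthenticodeSignature -FilePath $path
            $sigStatus = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        $inLegitPath = $false
        if ($path) {
            foreach ($l in $legitPaths) { if ($path -ieq $l) { $inLegitPath = $true } }
        }

        New-Object PSObject -Property @{
            PID          = $p.Id
            Path         = $path
            LegitPath    = $inLegitPath
            Services     = ($svcs -join ', ')
            SigStatus    = $sigStatus
            Signer       = $signer
            # A known path is not suspicious; an unknown path, or a host that
            # serves no registered service at all, deserves a closer look.
            Suspicious   = (-not $inLegitPath) -or ($svcs.Count -eq 0)
        }
    }
}

Test-SvchostInstances |
    Sort-Object PID |
    Format-Table PID, LegitPath, Suspicious, SigStatus, Services, Path -AutoSize -Wrap
```

Read the output against the `tasklist /svc` listing in the post: every PID there should show `LegitPath` True and a non-empty `Services` column. A svchost.exe that lives anywhere else, or that hosts no registered service, is the case the online analyser was trying to catch; a `Path` of blank across the board just means the prompt was not elevated, not that anything is hidden.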
  10. #10
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    • Download RogueKiller on the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Scan
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
