
Trojan.droper.BCminer DNSChanger-VJ infection



Hi,

Yesterday, Avast started to display alerts about a DNSChanger-VJ type of trojan and Malware-gen. I did a scan and Avast found something in c:\Windows\Installer\ but it kept coming back after cleaning with Avast. So I installed MAM, which identified Trojan.droper.BCminer but cannot get rid of it (it keeps coming back after Windows restarts).

I desperately need your help to get rid of the threats, but first of all could you tell me if (1) I can safely copy some work files (MS Excel) and share them with colleagues and (2) I can work with my computer, and whether the avast system shield is protecting me for now.

Many thanks in advance for your help.

Please find below requested logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Olivier at 14:41:22 on 2012-06-10

Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6058.3820 [GMT 7:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen

uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [OpAgent] "OpAgent.exe" /agent

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe -scheduler

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

mRunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

StartupFolder: C:\Users\Olivier\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

StartupFolder: C:\Users\Olivier\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITE~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 202.144.184.170 202.144.184.171 8.8.8.8

TCP: Interfaces\{C9E1DA51-7C9F-4D34-BF28-8292645FAA50} : DhcpNameServer = 202.144.184.170 202.144.184.171 8.8.8.8

TCP: Interfaces\{C9E1DA51-7C9F-4D34-BF28-8292645FAA50}\24F6579776575637024556C65636F6D6027596D26496 : DhcpNameServer = 194.158.122.10 194.158.122.15

TCP: Interfaces\{C9E1DA51-7C9F-4D34-BF28-8292645FAA50}\34F6D6D6F6E67427F657E64637 : DhcpNameServer = 98.126.105.42 168.95.1.1

TCP: Interfaces\{C9E1DA51-7C9F-4D34-BF28-8292645FAA50}\4716B656F59647F556163797 : DhcpNameServer = 192.168.30.1

TCP: Interfaces\{C9E1DA51-7C9F-4D34-BF28-8292645FAA50}\84F6473507F6473416274756275647 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C9E1DA51-7C9F-4D34-BF28-8292645FAA50}\A4F6D616E22416B656279702341666567222C6F6675622 : DhcpNameServer = 192.168.11.1

TCP: Interfaces\{C9E1DA51-7C9F-4D34-BF28-8292645FAA50}\C414F527563747572716E647 : DhcpNameServer = 202.137.129.1 202.137.129.3

TCP: Interfaces\{CE158579-1D2D-4B40-A140-4E036969E2F5} : DhcpNameServer = 202.144.184.170 202.144.184.171 8.8.8.8

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

mRunOnce-x64: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\xu13o4a6.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (fr)

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Nitro PDF\Reader\npdf.dll

FF - plugin: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll

FF - plugin: C:\Users\Olivier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-22 98208]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-6 44768]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-3-25 204304]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-22 2009704]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-22 689472]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-18 378472]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-22 2656280]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 IntcDAud;Son Intel® pour Écrans;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Pilote de carte de la sÉrie Intel® Wireless WiFi Link 5000 pour Windows 7 64 bits ;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-14 129976]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-18 340240]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-06-10 03:35:49 -------- d-----w- C:\Users\Olivier\AppData\Roaming\SUPERAntiSpyware.com

2012-06-10 03:31:37 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-06-10 03:31:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-06-09 17:29:46 -------- d-----w- C:\Users\Olivier\AppData\Roaming\Malwarebytes

2012-06-09 17:29:40 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-09 17:29:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-09 17:29:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-03 13:03:42 -------- d-----w- C:\Program Files (x86)\Medieval CUE Splitter

2012-05-27 09:50:31 -------- d-----w- C:\Users\Olivier\AppData\Roaming\foobar2000

2012-05-23 10:02:37 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-17 13:12:07 -------- d-----w- C:\Users\Olivier\AppData\Roaming\mkvtoolnix

2012-05-16 10:50:51 -------- d-----w- C:\Users\Olivier\AppData\Roaming\DiskAid

2012-05-14 02:10:19 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-05-14 02:10:16 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-14 02:10:16 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-05-11 08:55:31 -------- d-----w- C:\Users\Olivier\AppData\Local\Strahinja Markovic

2012-05-11 08:54:52 -------- d-----w- C:\Program Files\Sigil

.

==================== Find3M ====================

.

2012-05-23 10:02:37 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-03 07:19:10 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2012-04-03 07:19:10 166192 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys

2012-04-03 07:19:10 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2012-04-03 07:19:10 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2012-04-03 07:19:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll

2012-03-26 20:10:17 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-03-26 20:10:17 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-03-26 20:10:15 444952 ------w- C:\Windows\SysWow64\wrap_oal.dll

2012-03-26 20:10:11 109080 ------w- C:\Windows\SysWow64\OpenAL32.dll

2012-03-25 12:49:04 17936 ----a-w- C:\Windows\System32\nitrolocalui2.dll

.

============= FINISH: 14:41:54,18 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Édition Familiale Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 28/06/2011 19:52:44

System Uptime: 10/06/2012 14:22:28 (0 hours ago)

.

Motherboard: Dell Inc. | | 0NJT03

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | CPU | 2001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 684 GiB total, 42,837 GiB free.

D: is CDROM (UDF)

E: is CDROM ()

F: is CDROM ()

G: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP107: 31/05/2012 14:57:35 - Programme dinstallation pour les modules Windows

RP108: 03/06/2012 20:03:20 - Installed Medieval CUE Splitter

RP109: 10/06/2012 00:10:20 - Removed C64 Forever

RP110: 10/06/2012 00:15:12 - Removed Nuance PDF Create 7.

RP111: 10/06/2012 00:16:03 - Removed Nuance OmniPage 18.

RP112: 10/06/2012 00:20:17 - SupprimÉ Rayman Origins

.

==== Installed Programs ======================

.

AccelerometerP11

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Photoshop Elements 9

Adobe Reader X (10.1.0) MUI

Adobe Shockwave Player 11.6

Advanced Audio FX Engine

AndreaMosaic Professional Beta 3.33.8

avast! Free Antivirus

calibre

Contrôle ActiveX Windows Live Mesh pour connexions à distance

D3DX10

DAEMON Tools Lite

dBpoweramp DSP Effects

dBpoweramp FLAC Codec

dBpoweramp m4a Codec

dBpoweramp Music Converter

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Getting Started Guide

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell VideoStage

Dell Webcam Central

Elements 9 Organizer

Elements STI Installer

foobar2000 v1.1.12a

FreeCommander 2009.02b

FreeFileSync v3.17

Galerie de photos Windows Live

GetFoldersize 2.4.0

ImgBurn

Intel® Management Engine Components

Intel® Processor Graphics

IrfanView (remove only)

Java Auto Updater

Java™ 6 Update 31

Junk Mail filter update

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.61.0.1400

Medieval CUE Splitter

Mesh Runtime

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_CRT_x86

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Stereoscopic 3D Driver

OpenAL

Rapture3D 2.4.8 Game

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype Click to Call

Skype 5.8

swMSM

tools-freebsd

tools-linux

tools-netware

tools-solaris

tools-windows

tools-winPre2k

TrueCrypt

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

VLC media player 2.0.1

VMware Workstation

Windows Live

Windows Live Communications Platform

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== End Of File ===========================


Hello ronjames and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

(1) I can safely copy some work files (MS Excel) and share them with colleagues and (2) work with my computer and avast system shield is protecting me for now.

No problem sharing these files, but we recommend waiting for the usual work with your system until it is cleaned.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt


Hi Maniac, thanks for taking care of my problem. I've noticed the Trojan shows no activity (at least avast does not detect any) when the computer is disconnected from the network (in case it helps). Please find below the requested logs.

Olivier

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.09.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Olivier :: XPS [administrator]

11/06/2012 01:10:48

mbam-log-2012-06-11 (01-10-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223206

Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

======================================

OTL logfile created on: 11/06/2012 01:20:12 - Run 1

OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Olivier\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

5,92 Gb Total Physical Memory | 3,78 Gb Available Physical Memory | 63,96% Memory free

11,83 Gb Paging File | 9,35 Gb Available in Paging File | 79,06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 683,89 Gb Total Space | 173,83 Gb Free Space | 25,42% Space Free | Partition Type: NTFS

Drive G: | 931,28 Gb Total Space | 360,44 Gb Free Space | 38,70% Space Free | Partition Type: FAT32

Drive H: | 14,96 Gb Total Space | 10,35 Gb Free Space | 69,22% Space Free | Partition Type: FAT32

Drive J: | 465,76 Gb Total Space | 98,02 Gb Free Space | 21,05% Space Free | Partition Type: NTFS

Computer Name: XPS | User Name: Olivier | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/10 01:28:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Olivier\Desktop\OTL.exe

PRC - [2011/11/29 01:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/11/29 01:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/08/02 14:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

PRC - [2011/06/06 17:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/02/19 15:37:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/02/18 16:19:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/12/21 06:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/21 06:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/12/17 22:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

PRC - [2010/11/11 18:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2010/11/11 18:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2010/11/11 18:47:32 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe

PRC - [2010/11/11 18:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

PRC - [2010/11/11 17:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

PRC - [2010/09/30 08:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2010/08/27 04:45:22 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

PRC - [2010/08/21 06:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2010/08/20 06:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2010/08/12 06:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

PRC - [2009/02/24 00:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/14 15:42:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll

MOD - [2012/03/14 15:41:58 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll

MOD - [2012/03/14 15:41:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MOD - [2012/03/14 15:41:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MOD - [2012/03/14 15:41:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/03/14 15:41:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/03/14 15:41:31 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll

MOD - [2012/03/14 15:41:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012/03/14 15:41:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2011/10/27 09:21:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/02/19 15:37:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll

MOD - [2010/12/17 22:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

MOD - [2010/11/13 07:54:34 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010/08/12 06:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll

MOD - [2010/08/12 06:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll

MOD - [2010/08/12 06:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll

MOD - [2010/08/12 06:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll

MOD - [2010/08/12 06:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll

MOD - [2010/08/12 06:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll

MOD - [2010/08/12 06:19:28 | 000,023,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll

MOD - [2010/08/12 06:19:28 | 000,023,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll

MOD - [2010/08/12 06:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll

MOD - [2010/08/12 06:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/25 19:49:22 | 000,204,304 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)

SRV:64bit: - [2012/03/12 04:13:23 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdagent)

SRV:64bit: - [2011/11/29 01:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/08/12 06:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2010/12/18 02:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV:64bit: - [2010/12/18 02:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2010/12/18 02:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV:64bit: - [2010/11/30 03:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®

SRV:64bit: - [2010/09/23 06:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/11/18 09:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2009/07/14 08:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2012/05/14 09:10:17 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/06/06 17:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/02/19 15:37:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/02/18 16:19:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/12/21 06:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/12/21 06:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/11/11 18:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2010/11/11 18:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2010/11/11 18:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)

SRV - [2010/11/11 17:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)

SRV - [2010/09/30 08:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)

SRV - [2010/08/26 08:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)

SRV - [2010/08/21 06:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2010/08/19 18:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)

SRV - [2010/03/18 19:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/11 04:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/03 14:19:10 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2012/02/29 15:09:56 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)

DRV:64bit: - [2011/11/29 00:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2011/11/29 00:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2011/11/29 00:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)

DRV:64bit: - [2011/11/29 00:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2011/11/29 00:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2011/11/29 00:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2011/08/07 07:19:47 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011/07/22 23:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)

DRV:64bit: - [2011/07/13 04:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)

DRV:64bit: - [2011/03/11 13:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 13:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/19 15:37:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2011/02/11 05:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/02/11 05:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/01/28 15:57:14 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/01/13 08:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/12/22 16:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Pilote de carte de la série Intel®

DRV:64bit: - [2010/12/18 00:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/12/16 00:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2010/12/14 00:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)

DRV:64bit: - [2010/12/12 21:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)

DRV:64bit: - [2010/12/01 05:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/11/30 03:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/11/21 10:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 10:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/21 10:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 10:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/12 19:40:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010/11/11 18:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)

DRV:64bit: - [2010/11/11 18:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2010/11/11 18:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2010/11/11 18:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2010/11/11 17:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2010/11/11 15:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2010/11/11 15:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)

DRV:64bit: - [2010/11/11 15:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2010/10/20 07:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/10/16 07:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Son Intel®

DRV:64bit: - [2010/08/20 16:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2010/08/12 22:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2010/07/13 09:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)

DRV:64bit: - [2010/03/19 15:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/02/27 22:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/07/14 08:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 08:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 08:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/14 08:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/11 03:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 03:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 03:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 03:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/02/24 23:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV:64bit: - [2006/11/02 00:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2010/08/19 18:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)

DRV - [2009/07/14 08:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/02/24 23:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5A16F640-01C7-4346-9ADC-53BEF09A2730}

IE:64bit: - HKLM\..\SearchScopes\{5A16F640-01C7-4346-9ADC-53BEF09A2730}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {5A16F640-01C7-4346-9ADC-53BEF09A2730}

IE - HKLM\..\SearchScopes\{5A16F640-01C7-4346-9ADC-53BEF09A2730}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1565397871-3433680951-2880713604-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1565397871-3433680951-2880713604-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen

IE - HKU\S-1-5-21-1565397871-3433680951-2880713604-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen

IE - HKU\S-1-5-21-1565397871-3433680951-2880713604-1001\..\SearchScopes,DefaultScope = {5A16F640-01C7-4346-9ADC-53BEF09A2730}

IE - HKU\S-1-5-21-1565397871-3433680951-2880713604-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (fr)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( )

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Olivier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/06 09:39:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/14 09:10:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2011/06/28 20:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olivier\AppData\Roaming\mozilla\Extensions

[2012/06/06 11:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olivier\AppData\Roaming\mozilla\Firefox\Profiles\xu13o4a6.default\extensions

[2012/04/02 20:43:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Olivier\AppData\Roaming\mozilla\Firefox\Profiles\xu13o4a6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/10/16 11:59:35 | 000,000,000 | ---D | M] (Dictionnaire français «Classique & Réforme 1990») -- C:\Users\Olivier\AppData\Roaming\mozilla\Firefox\Profiles\xu13o4a6.default\extensions\fr-classique-reforme1990@dictionaries.addons.mozilla.org

[2011/11/07 08:27:54 | 000,002,019 | ---- | M] () -- C:\Users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\xu13o4a6.default\searchplugins\duckduckgo-html.xml

[2012/06/06 11:34:11 | 000,002,018 | ---- | M] () -- C:\Users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\xu13o4a6.default\searchplugins\orthonet-lexique-fr.xml

[2011/09/02 18:30:27 | 000,001,029 | ---- | M] () -- C:\Users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\xu13o4a6.default\searchplugins\wikipedia-fr.xml

[2012/03/21 10:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/04/20 15:19:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/12/06 09:39:15 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/06/06 11:32:03 | 000,525,079 | ---- | M] () (No name found) -- C:\USERS\OLIVIER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XU13O4A6.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

[2012/01/11 20:33:36 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\OLIVIER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XU13O4A6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/05/14 09:10:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/10/03 13:54:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/11 07:10:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/06/30 20:28:17 | 000,006,897 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com #192.150.22.22

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com #192.150.14.21

O1 - Hosts: 127.0.0.1 3dns-4.adobe.com #192.150.18.247

O1 - Hosts: 127.0.0.1 3dns-5.adobe.com #192.150.22.46

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com #192.150.11.30

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30

O1 - Hosts: 127.0.0.1 adobe.activate.com #69.175.22.26

O1 - Hosts: 127.0.0.1 activate.adobe.com #192.150.22.40

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com #192.150.22.40

O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com #192.150.22.40

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com #192.150.22.40

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com #192.150.14.69

O1 - Hosts: 127.0.0.1 ereg.adobe.com #192.150.18.103

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com #192.150.18.63

O1 - Hosts: 127.0.0.1 ereg.wip4.adobe.com #192.150.18.103

O1 - Hosts: 127.0.0.1 practivate.adobe.com #192.150.18.54

O1 - Hosts: 127.0.0.1 www.wip3.adobe.com #192.150.8.60

O1 - Hosts: 127.0.0.1 www.wip4.adobe.com #192.150.18.200

O1 - Hosts: 127.0.0.1 www.adobeereg.com #75.125.24.83

O1 - Hosts: 127.0.0.1 adobeereg.com #207.66.2.10

O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com #192.150.14.174

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32

O1 - Hosts: 93 more lines...

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1565397871-3433680951-2880713604-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1565397871-3433680951-2880713604-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1565397871-3433680951-2880713604-1001..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe -scheduler File not found

O4 - HKU\S-1-5-21-1565397871-3433680951-2880713604-1001..\Run: [OpAgent] "OpAgent.exe" /agent File not found

O4 - HKU\S-1-5-21-1565397871-3433680951-2880713604-1001..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)

O4 - HKLM..\RunOnce: [sTToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-1565397871-3433680951-2880713604-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O4 - Startup: C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Moniteur de la technologie Intel® Turbo Boost 2.0.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-1565397871-3433680951-2880713604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE158579-1D2D-4B40-A140-4E036969E2F5}: DhcpNameServer = 202.144.184.170 202.144.184.171 8.8.8.8

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{ccbd3f46-5f97-11e1-86d1-005056c00008}\Shell - "" = AutoRun

O33 - MountPoints2\{ccbd3f46-5f97-11e1-86d1-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{d70bd6df-c08a-11e0-a1c7-005056c00008}\Shell - "" = AutoRun

O33 - MountPoints2\{d70bd6df-c08a-11e0-a1c7-005056c00008}\Shell\AutoRun\command - "" = E:\Setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/11 01:17:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Olivier\Desktop\OTL.exe

[2012/06/10 10:35:49 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Roaming\SUPERAntiSpyware.com

[2012/06/10 10:31:41 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/06/10 10:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/06/10 10:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/06/10 00:29:46 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Roaming\Malwarebytes

[2012/06/10 00:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/10 00:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/10 00:29:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/06/10 00:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/06/03 20:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medieval Software

[2012/06/03 20:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medieval CUE Splitter

[2012/05/27 16:50:31 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Roaming\foobar2000

[2012/05/23 16:28:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/05/17 20:12:07 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Roaming\mkvtoolnix

[2012/05/16 17:50:51 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Roaming\DiskAid

[2012/05/14 09:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/05/14 09:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/11 01:23:38 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/11 01:23:38 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/11 01:16:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/11 01:16:05 | 469,372,927 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/11 01:02:15 | 001,670,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/11 01:02:15 | 000,748,202 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat

[2012/06/11 01:02:15 | 000,655,044 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/11 01:02:15 | 000,150,214 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat

[2012/06/11 01:02:15 | 000,122,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/10 10:31:45 | 000,001,810 | ---- | M] () -- C:\Users\Olivier\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/06/10 01:28:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Olivier\Desktop\OTL.exe

[2012/06/10 00:46:06 | 000,272,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/10 00:29:40 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/03 20:03:43 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\Medieval CUE Splitter.lnk

[2012/05/27 16:49:39 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk

[2012/05/19 14:48:39 | 710,948,624 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/10 10:31:45 | 000,001,810 | ---- | C] () -- C:\Users\Olivier\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012/06/10 00:42:01 | 000,000,000 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\00000008.@

[2012/06/10 00:29:40 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/09 22:07:23 | 000,000,740 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\00000004.@

[2012/06/09 22:07:06 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\000000cb.@

[2012/06/09 22:07:05 | 000,001,536 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000004.@

[2012/06/03 20:03:43 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\Medieval CUE Splitter.lnk

[2012/05/27 16:49:39 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk

[2012/05/27 16:49:39 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk

[2012/03/14 14:48:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@

[2011/10/31 20:56:54 | 000,003,596 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat

[2011/08/03 01:19:19 | 000,005,632 | ---- | C] () -- C:\Users\Olivier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/24 18:16:30 | 000,003,024 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat

[2011/07/24 18:15:22 | 000,008,463 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat

[2011/07/24 18:15:20 | 001,070,456 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe

[2011/07/24 18:15:20 | 000,013,287 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat

[2011/06/22 17:58:52 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2011/06/22 17:58:04 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/06/22 17:58:02 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/06/22 17:58:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/02/12 17:53:55 | 001,649,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2011/11/27 17:34:54 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\AndreaMosaic

[2012/02/25 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\avidemux

[2012/05/11 15:19:49 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\calibre

[2011/06/28 22:05:25 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\DAEMON Tools Lite

[2011/12/13 08:05:40 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\dBpoweramp

[2012/04/18 09:23:35 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Digiarty

[2012/05/16 18:02:18 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\DiskAid

[2012/04/26 10:46:03 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Downloaded Installations

[2012/05/22 10:46:38 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Dropbox

[2012/06/09 18:35:00 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\foobar2000

[2011/11/27 14:26:30 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\FreeCommander

[2011/11/23 08:31:53 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\FreeFileSync

[2011/12/07 10:23:09 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\GetFoldersize

[2011/08/26 11:37:28 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\ImgBurn

[2011/11/27 17:21:49 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\IrfanView

[2012/05/17 20:12:07 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\mkvtoolnix

[2012/06/09 16:57:09 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Nitro PDF

[2012/03/23 14:49:03 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Nuance

[2011/11/10 16:48:04 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\onOne Software

[2011/09/15 08:51:17 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\PCDr

[2011/11/18 19:07:02 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\PearlMountainSoft

[2011/07/04 02:57:13 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Rovio

[2012/03/23 14:51:45 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\ScanSoft

[2012/02/29 15:13:27 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\TrueCrypt

[2012/06/10 00:15:54 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Zeon

[2012/03/14 15:37:21 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A303874F

< End of report >

======================================

OTL Extras logfile created on: 11/06/2012 01:20:12 - Run 1

OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Olivier\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

5,92 Gb Total Physical Memory | 3,78 Gb Available Physical Memory | 63,96% Memory free

11,83 Gb Paging File | 9,35 Gb Available in Paging File | 79,06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 683,89 Gb Total Space | 173,83 Gb Free Space | 25,42% Space Free | Partition Type: NTFS

Drive G: | 931,28 Gb Total Space | 360,44 Gb Free Space | 38,70% Space Free | Partition Type: FAT32

Drive H: | 14,96 Gb Total Space | 10,35 Gb Free Space | 69,22% Space Free | Partition Type: FAT32

Drive J: | 465,76 Gb Total Space | 98,02 Gb Free Space | 21,05% Space Free | Partition Type: NTFS

Computer Name: XPS | User Name: Olivier | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1565397871-3433680951-2880713604-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1CCB840B-79D4-42B2-875A-48D6ED50406F}" = rport=139 | protocol=6 | dir=out | app=system |

"{2893FD6B-CCB2-4DD1-919C-1E2FF8A254B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{305B6389-4AA9-48BE-A982-8976058ADBB4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{3373DE8E-97CB-4E3E-8A53-B6CEF255C6F5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5B04449E-010B-48E5-BCCD-600D8F07EE0B}" = lport=138 | protocol=17 | dir=in | app=system |

"{78DFDB08-AE7A-45AA-9108-DD663B279CD4}" = lport=137 | protocol=17 | dir=in | app=system |

"{87A150B6-4172-40A0-99C0-F2D44928A03F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{89826D26-CF5D-4820-BB49-D40AD1A7FA63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8C48E046-89A1-4CC6-8CE5-5C39C7FB6D27}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{979438F9-1E46-4A30-AA17-34F17FA4451E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{A2153882-0AFE-4518-A200-BE7827C59122}" = rport=138 | protocol=17 | dir=out | app=system |

"{A31158C3-05B2-4C6C-BC7D-1AEFAFE3C50D}" = rport=137 | protocol=17 | dir=out | app=system |

"{BC3E7B94-0A75-4536-BACA-E716B8E07CE9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D1B96C48-56B8-4AB5-8F08-CA6F1CBD80A1}" = lport=445 | protocol=6 | dir=in | app=system |

"{D91B8958-F595-41AC-BF24-A2DAEA438736}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{E044A0E9-3291-4686-A374-ED46670D5972}" = rport=445 | protocol=6 | dir=out | app=system |

"{FDFB1739-4AEF-4206-BE1B-1E1F439A6B53}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{023501BD-72C5-4C56-872F-D47C399827F6}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |

"{030C88B7-4DBD-4BF6-B3A9-DEDCF76DFAA8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{0AF4647B-BE34-4AC2-AB41-64334D81103C}" = protocol=17 | dir=in | app=c:\users\olivier\appdata\roaming\dropbox\bin\dropbox.exe |

"{0BEA2566-1CE4-475C-9DDF-5695ACB60427}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{0D9961A8-B5BF-4569-A31B-2B90AEFF8F31}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{0FF315D2-4A9D-423B-A2A8-4308BA267BA7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{190A8108-24D6-42B4-819E-68D190D6B2EF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{23D313CC-F5C2-4EED-A11F-5EA2DC54D8F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{2E211C18-0A99-4979-A94D-6727568A1472}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |

"{4DA5C5D6-7357-4206-8562-EC4BE714F611}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{52E803CC-B6E1-460F-B32E-0895D8FFD4C7}" = protocol=6 | dir=in | app=c:\users\olivier\appdata\roaming\dropbox\bin\dropbox.exe |

"{71C2AB40-D7F5-4618-AA28-33482409EC35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{72B5E84D-9EF7-4586-9194-E25F54E437E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{72D0F8B8-23D6-4FEA-A58D-7574826E47B6}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{8032EF16-52C8-44CE-BA14-460637245AC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{8D1741F4-6DF0-4024-808D-503872E6A11B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{96AB5543-5873-45A0-B33A-2E857AF64AF3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A2A6D66D-2E3E-46B2-965F-F9792699F267}" = protocol=6 | dir=in | app=c:\users\olivier\appdata\roaming\dropbox\bin\dropbox.exe |

"{B7FAB90F-AC69-411B-96AD-7627FFA06CEB}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |

"{C46C2A86-31BA-4410-8F54-18236B245BC6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{C69891BD-30FC-48F6-ACD9-C599ABB08FE4}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |

"{D7464E0E-3A66-4F62-B896-226662AE43F3}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |

"{DC5F3751-802F-46EB-A63C-550AB36E3974}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{DCB65263-9C93-47D5-8967-B21C0DEBC1D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DE016AA7-BD06-4DDF-BF3C-8EE94611BCB2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{DF1F5E29-0A61-49E3-963D-E7F2DEE7E851}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |

"{E78C97B5-F38F-4E18-8552-CDA06975DAEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EA37320B-3ACE-43A8-8062-874CD95245C3}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |

"{F364B209-4E39-4403-9230-5FA2B32ECE87}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F772086A-1E22-4151-8CDF-775FA149C41D}" = protocol=17 | dir=in | app=c:\users\olivier\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{4CB302CF-C2F1-4C93-BB66-A5C15E49A0C6}C:\program files\oracle\virtualbox\virtualbox.exe" = protocol=6 | dir=in | app=c:\program files\oracle\virtualbox\virtualbox.exe |

"TCP Query User{BF6D314C-2D6D-4CBE-B947-B26CEDE5561A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{10C5A660-43FF-499A-BD41-B3F45EBAFE48}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{FB278C31-531B-4D23-95E0-5F0D52D45A4A}C:\program files\oracle\virtualbox\virtualbox.exe" = protocol=17 | dir=in | app=c:\program files\oracle\virtualbox\virtualbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java 6 Update 24 (64-bit)

"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Logiciel Intel® PROSet/Wireless WiFi

"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{7492BCA7-9F62-4265-A727-DC26A9E3DF10}" = Oracle VM VirtualBox 4.1.12

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Pilote 3D Vision 267.21

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 267.21

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 267.21

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Pilote audio HD : 1.1.13.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Moniteur de la technologie Intel® Turbo Boost 2.0

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EE751355-2D68-4905-8289-B0510F535798}" = Nitro Reader 2

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"Defraggler" = Defraggler

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"ProInst" = Intel PROSet Wireless

"R for Windows 2.14.1 Patched_is1" = R for Windows 2.14.1 Patched

"Recuva" = Recuva

"Sigil_is1" = Sigil 0.5.3

"Speccy" = Speccy

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd

"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{915C56D7-1EFD-4BF3-9FBE-2B0D39F36525}" = calibre

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI

"{ADB7CAAC-0895-4C72-B9BC-713A23F66D05}" = Dell MusicStage

"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer

"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help

"{F6F0277D-0921-43C7-B426-2260937ABDEE}" = Dell Stage

"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"AndreaPlanet-AndreaMosaic Professional Beta" = AndreaMosaic Professional Beta 3.33.8

"avast" = avast! Free Antivirus

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"DAEMON Tools Lite" = DAEMON Tools Lite

"dBpoweramp DSP Effects" = dBpoweramp DSP Effects

"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec

"dBpoweramp m4a Codec" = dBpoweramp m4a Codec

"dBpoweramp Music Converter" = dBpoweramp Music Converter

"Dell Webcam Central" = Dell Webcam Central

"foobar2000" = foobar2000 v1.1.12a

"FreeCommander_is1" = FreeCommander 2009.02b

"FreeFileSync" = FreeFileSync v3.17

"GetFoldersize_is1" = GetFoldersize 2.4.0

"ImgBurn" = ImgBurn

"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"IrfanView" = IrfanView (remove only)

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenAL" = OpenAL

"TrueCrypt" = TrueCrypt

"VLC media player" = VLC media player 2.0.1

"VMware_Workstation" = VMware Workstation

"WinLiveSuite" = Windows Live

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1565397871-3433680951-2880713604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1565397871-3433680951-2880713604-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/05/2012 13:33:05 | Computer Name = XPS | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\freecommander\DelZip179.dll". Error in manifest or policy file "c:\program files (x86)\freecommander\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 13/05/2012 22:10:30 | Computer Name = XPS | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files (x86)\Captain Morgane\CaptainMorgane.exe". Dependent assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 14/05/2012 13:32:26 | Computer Name = XPS | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files\R\r-2.14.1patched\Tcl\bin64\tk85.dll". Error in manifest or policy file "c:\program files\R\r-2.14.1patched\Tcl\bin64\tk85.dll" on line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error - 14/05/2012 13:32:42 | Computer Name = XPS | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 14/05/2012 13:33:00 | Computer Name = XPS | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files (x86)\captain morgane\CaptainMorgane.exe". Dependent assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 14/05/2012 13:33:17 | Computer Name = XPS | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\freecommander\DelZip179.dll". Error in manifest or policy file "c:\program files (x86)\freecommander\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 16/05/2012 13:32:11 | Computer Name = XPS | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files\R\r-2.14.1patched\Tcl\bin64\tk85.dll". Error in manifest or policy file "c:\program files\R\r-2.14.1patched\Tcl\bin64\tk85.dll" on line 9. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error - 16/05/2012 13:32:26 | Computer Name = XPS | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error - 16/05/2012 13:32:42 | Computer Name = XPS | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files (x86)\captain morgane\CaptainMorgane.exe". Dependent assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/05/2012 13:32:59 | Computer Name = XPS | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\freecommander\DelZip179.dll". Error in manifest or policy file "c:\program files (x86)\freecommander\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

[ Dell Events ]

Error - 01/06/2012 10:42:51 | Computer Name = XPS | Source = DataSafe | ID = 17

Description = The process was interrupted before it finished.

Error - 02/06/2012 02:57:57 | Computer Name = XPS | Source = DataSafe | ID = 17

Description = The process was interrupted before it finished.

Error - 02/06/2012 02:57:57 | Computer Name = XPS | Source = DataSafe | ID = 17

Description = The process was interrupted before it finished.

Error - 03/06/2012 09:18:59 | Computer Name = XPS | Source = DataSafe | ID = 17

Description = The process was interrupted before it finished.

Error - 03/06/2012 09:18:59 | Computer Name = XPS | Source = DataSafe | ID = 17

Description = The process was interrupted before it finished.

Error - 10/06/2012 04:43:15 | Computer Name = XPS | Source = DataSafe | ID = 17

Description = The process was interrupted before it finished.

Error - 10/06/2012 04:43:15 | Computer Name = XPS | Source = DataSafe | ID = 17

Description = The process was interrupted before it finished.

Error - 10/06/2012 04:53:29 | Computer Name = XPS | Source = DataSafe | ID = 17

Description = The process was interrupted before it finished.

Error - 10/06/2012 04:53:29 | Computer Name = XPS | Source = DataSafe | ID = 17

Description = The process was interrupted before it finished.

Error - 10/06/2012 11:02:12 | Computer Name = XPS | Source = DataSafe | ID = 17

Description = The process was interrupted before it finished.

[ System Events ]

Error - 17/03/2012 06:49:38 | Computer Name = XPS | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk2\DR2, has a bad block.

Error - 17/03/2012 06:49:40 | Computer Name = XPS | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk2\DR2, has a bad block.

Error - 17/03/2012 06:49:43 | Computer Name = XPS | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk2\DR2, has a bad block.

Error - 17/03/2012 06:49:47 | Computer Name = XPS | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk2\DR2, has a bad block.

Error - 17/03/2012 06:49:50 | Computer Name = XPS | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk2\DR2, has a bad block.

Error - 17/03/2012 06:49:53 | Computer Name = XPS | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk2\DR2, has a bad block.

Error - 17/03/2012 06:49:56 | Computer Name = XPS | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk2\DR2, has a bad block.

Error - 17/03/2012 06:50:00 | Computer Name = XPS | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk2\DR2, has a bad block.

Error - 18/03/2012 07:10:17 | Computer Name = XPS | Source = Disk | ID = 262159

Description = The device, \Device\Harddisk1\DR1, is not ready for access yet.

Error - 26/03/2012 11:01:53 | Computer Name = XPS | Source = Service Control Manager | ID = 7022

Description = The Windows Update service hung on starting.

< End of report >


Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2012/06/10 00:42:01 | 000,000,000 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\00000008.@
    [2012/06/09 22:07:23 | 000,000,740 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\00000004.@
    [2012/06/09 22:07:06 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\000000cb.@
    [2012/06/09 22:07:05 | 000,001,536 | ---- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000004.@
    [2012/03/14 14:48:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@
    @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A303874F

    :files
    C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log

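The OTL fix above targets a specific on-disk layout: a {GUID} folder under C:\Windows\Installer holding a hidden+system "@" file and "*.@" files in L\ and U\ subfolders, plus alternate data streams on C:\Windows and C:\ProgramData\Temp, followed by a DNS cache flush and a hosts reset. The script below is an added example, not code from this thread, from OTL or from Malwarebytes: it reports those same indicators on a live machine without deleting anything, so a helper can review them before writing a fix. It assumes an elevated PowerShell 3.0 or later session (Windows 7 ships 2.0; -Stream, -Directory and -in need 3.0), and that the infection uses exactly the file names seen in the fix; the function names are this example's own.

```powershell
# Added example: report-only triage for the indicators the OTL fix targets.
# Assumes PowerShell 3.0+ running as Administrator. Nothing here deletes anything.

function Find-SuspiciousInstallerFolders {
    # Legitimate {GUID} folders under C:\Windows\Installer hold MSI icons; the ones
    # in the fix instead carried an "@" file, "*.@" files and L\ / U\ subfolders.
    $installer = Join-Path $env:SystemRoot 'Installer'
    Get-ChildItem -LiteralPath $installer -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^\{[0-9a-f-]{36}\}$' } |
        ForEach-Object {
            $folder = $_
            $hits = Get-ChildItem -LiteralPath $folder.FullName -Recurse -Force -ErrorAction SilentlyContinue |
                Where-Object {
                    $_.Name -eq '@' -or $_.Name -like '*.@' -or
                    ($_.PSIsContainer -and $_.Name -in @('L', 'U'))
                }
            if ($hits) {
                [PSCustomObject]@{
                    Folder = $folder.FullName
                    Items  = @($hits | ForEach-Object { "{0} [{1}]" -f $_.FullName, $_.Attributes })
                }
            }
        }
}

function Find-AlternateDataStreams {
    # Named streams on the two locations that carried streams in the fix
    # (C:\Windows:nlsPreferences and C:\ProgramData\Temp:A303874F), ignoring the
    # default data stream and the browser download marker Zone.Identifier.
    param([string[]]$Paths = @($env:SystemRoot, (Join-Path $env:ProgramData 'Temp')))
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        Get-Item -LiteralPath $path -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            ForEach-Object {
                [PSCustomObject]@{ Path = $_.FileName; Stream = $_.Stream; Bytes = $_.Length }
            }
    }
}

function Get-DnsSettings {
    # DNS servers each IP-enabled adapter is actually using, plus every non-comment
    # hosts entry. The example does not judge which are legitimate; review by hand.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [PSCustomObject]@{
                Adapter    = $_.Description
                DnsServers = (@($_.DNSServerSearchOrder) -join ', ')
            }
        }
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        ForEach-Object { [PSCustomObject]@{ HostsEntry = $_ } }
}

# Usage: run all three and paste the output into the help thread.
Find-SuspiciousInstallerFolders | Format-List
Find-AlternateDataStreams       | Format-Table -AutoSize
Get-DnsSettings                 | Format-List
```

The checks are deliberately narrow: a {GUID} folder is reported only when it contains the "@", "*.@", L or U names, so the ordinary icon caches Windows Installer keeps in the same directory are not flagged. Run it again after the reboot that completes an OTL fix; the fix log above shows the folder itself could only be moved on reboot, so a pre-reboot run will still list it.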

Hi Maniac,

MAM did not find any infection. I connected to the network only to update MAM; otherwise I stay disconnected. Just for you to know, I guess it does not affect the cleaning process.

Best

All processes killed

========== OTL ==========

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\00000008.@ moved successfully.

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\00000004.@ moved successfully.

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000004.@ moved successfully.

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@ moved successfully.

ADS C:\Windows:nlsPreferences deleted successfully.

ADS C:\ProgramData\Temp:A303874F deleted successfully.

========== FILES ==========

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U folder moved successfully.

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8} scheduled to be moved on reboot.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Olivier\Desktop\cmd.bat deleted successfully.

C:\Users\Olivier\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Olivier

->Temp folder emptied: 3272178167 bytes

->Temporary Internet Files folder emptied: 15560159 bytes

->Java cache emptied: 5964042 bytes

->FireFox cache emptied: 66874245 bytes

->Flash cache emptied: 124422 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 1618992 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 129259107 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 40927 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 75868 bytes

RecycleBin emptied: 6014180915 bytes

Total Files Cleaned = 9 066,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.48.0 log created on 06112012_090457

Files\Folders moved on Reboot...

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U folder moved successfully.

C:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8} folder moved successfully.

C:\Users\Olivier\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

C:\Windows\temp\vmware-Système\vmware-usbarb-Système-3080.log moved successfully.

Registry entries deleted on Reboot...

==============================

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.11.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Olivier :: XPS [administrator]

11/06/2012 09:14:02

mbam-log-2012-06-11 (09-14-02).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 221323

Time elapsed: 2 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great! :)

Connect it to your Network and let me make some additional scans. Meanwhile monitor your system.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Maniac,

I've run the ESET online scanner but it's weird: the log file in C:\Program Files\EsetOnlineScanner\log.txt does not look to me as it should (but I may just be wrong). Basically I ran the scanner a first time and interrupted it because I realized it was scanning a big backup drive on USB that would take forever. It may have produced the log below at that time (or maybe when it installed, I can't say for sure):

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

Then I ran it again (took over an hour) and ESET found a threat in memory, but when I closed it, it did not save a new log file, so I have no trace of the scan. So I ran it again, removing a few big folders where nothing was found to save time (I know, not very orthodox, but I wanted to see if I can get a logfile in the end). ESET found the same threat in memory (see below) but again no log saved.

Operating memory a variant of Win32/Sirefef.EZ trojan

It seems the ESET online scanner may have slightly changed compared with your guidelines (for example "Scan unwanted application" is now "Scan for potentially unwanted applications" in "advanced settings"), or it could be the trojan that affects ESET's behavior. This is far beyond my knowledge.

Last thing, COMODO has not been alerting me as it used to about the trojan since last time, even with the network on (zero alerts, while I used to have # alerts in a row every 2-3 minutes).

To conclude, this is probably not the information you were expecting and I apologize for that. What shall I do next (or better)?

Best

Olivier


Sometimes it happens with ESET Online Scanner, don't worry. We still have some work to do.

Step 1

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Step 2

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • ComboFix log
  • aswMBR log


Maniac,

Thanks for your reply. Please find below the requested logs.

Best

ComboFix 12-06-11.04 - Olivier 12/06/2012 9:36.1.8 - x64

Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6058.4602 [GMT 7:00]

Running from: c:\users\Olivier\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\iun6002.exe

.

-- Previous Run --

.

.

--------

.

.

((((((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 ))))))))))))))))))))))))))))))))))))

.

.

2012-06-12 02:45 . 2012-06-12 02:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-12 02:45 . 2012-06-12 02:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-11 14:12 . 2012-06-11 14:12 -------- d-----w- c:\program files (x86)\ESET

2012-06-11 02:04 . 2012-06-11 02:04 -------- d-----w- C:\_OTL

2012-06-10 03:35 . 2012-06-10 03:35 -------- d-----w- c:\users\Olivier\AppData\Roaming\SUPERAntiSpyware.com

2012-06-10 03:31 . 2012-06-10 03:35 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-06-10 03:31 . 2012-06-10 03:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-06-09 17:29 . 2012-06-09 17:29 -------- d-----w- c:\users\Olivier\AppData\Roaming\Malwarebytes

2012-06-09 17:29 . 2012-06-09 17:29 -------- d-----w- c:\programdata\Malwarebytes

2012-06-09 17:29 . 2012-06-09 17:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-09 17:29 . 2012-04-04 08:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-03 13:03 . 2012-06-03 13:03 -------- d-----w- c:\program files (x86)\Medieval CUE Splitter

2012-05-27 09:50 . 2012-06-09 11:35 -------- d-----w- c:\users\Olivier\AppData\Roaming\foobar2000

2012-05-23 10:02 . 2012-05-23 10:02 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-17 13:12 . 2012-05-17 13:12 -------- d-----w- c:\users\Olivier\AppData\Roaming\mkvtoolnix

2012-05-16 10:50 . 2012-05-16 11:02 -------- d-----w- c:\users\Olivier\AppData\Roaming\DiskAid

2012-05-14 02:10 . 2012-05-14 02:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-05-14 02:10 . 2012-05-14 02:10 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-05-14 02:10 . 2012-05-14 02:10 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-23 10:02 . 2011-06-29 13:41 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-03 07:19 . 2012-04-19 11:07 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-04-03 07:19 . 2012-04-19 11:07 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-04-03 07:19 . 2012-04-03 07:19 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2012-04-03 07:19 . 2012-04-03 07:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-04-03 07:19 . 2012-04-03 07:19 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

2012-03-26 20:10 . 2012-02-12 09:38 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-03-26 20:10 . 2012-02-12 09:38 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-03-26 20:10 . 2012-02-12 09:38 444952 ------w- c:\windows\SysWow64\wrap_oal.dll

2012-03-26 20:10 . 2012-02-12 09:38 109080 ------w- c:\windows\SysWow64\OpenAL32.dll

2012-03-25 12:49 . 2011-06-28 14:02 17936 ----a-w- c:\windows\system32\nitrolocalui2.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-06-06 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]

.

c:\users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-6-28 576000]

Moniteur de la technologie Intel® Turbo Boost 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-14 129976]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-03-25 204304]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-19 2009704]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 IntcDAud;Son Intel® pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Pilote de carte de la série Intel® Wireless WiFi Link 5000 pour Windows 7 64 bits ;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-02-18 312936]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll

.

------- Examen supplémentaire -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=fr&l=fr&s=gen

mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll

TCP: DhcpNameServer = 202.144.184.170 202.144.184.171 8.8.8.8

FF - ProfilePath - c:\users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\xu13o4a6.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (fr)

.

- - - - ORPHELINS SUPPRIMES - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-OpAgent - OpAgent.exe

Wow6432Node-HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\isuspm.exe

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-AndreaPlanet-AndreaMosaic Professional Beta - c:\windows\iun6002.exe

AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe

AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

.

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_USERS\S-1-5-21-1565397871-3433680951-2880713604-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*«Á‰F\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-1565397871-3433680951-2880713604-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*a*v*i*‰F\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-1565397871-3433680951-2880713604-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*D*r*†i4\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-1565397871-3433680951-2880713604-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*D*r*«Á‰F\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-1565397871-3433680951-2880713604-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*E*a*mç!\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2012-06-12 09:53:58

ComboFix-quarantined-files.txt 2012-06-12 02:53

.

Avant-CF: 193 283 989 504 octets libres

Après-CF: 192 681 799 680 octets libres

.

- - End Of File - - 37ECAA6A7389D53D71371B2FDC989B21

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-12 10:02:19

-----------------------------

10:02:19.674 OS Version: Windows x64 6.1.7601 Service Pack 1

10:02:19.674 Number of processors: 8 586 0x2A07

10:02:19.674 ComputerName: XPS UserName:

10:02:21.371 Initialize success

10:02:21.500 AVAST engine defs: 12061101

10:02:45.702 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

10:02:45.718 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3

10:02:45.718 Disk 0 MBR read successfully

10:02:45.733 Disk 0 MBR scan

10:02:45.733 Disk 0 Windows VISTA default MBR code

10:02:45.733 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63

10:02:45.733 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208896

10:02:45.749 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 700301 MB offset 30928896

10:02:45.764 Disk 0 scanning C:\Windows\system32\drivers

10:02:54.668 Service scanning

10:03:07.968 Modules scanning

10:03:07.975 Disk 0 trace - called modules:

10:03:07.996 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll

10:03:08.006 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006301790]

10:03:08.023 3 CLASSPNP.SYS[fffff88001b6843f] -> nt!IofCallDriver -> [0xfffffa800615fcb0]

10:03:08.029 5 stdcfltn.sys[fffff88001aadc52] -> nt!IofCallDriver -> [0xfffffa8005f54590]

10:03:08.035 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f5b050]

10:03:09.549 AVAST engine scan C:\Windows

10:03:12.281 AVAST engine scan C:\Windows\system32

10:04:45.112 AVAST engine scan C:\Windows\system32\drivers

10:05:03.944 AVAST engine scan C:\Users\Olivier

10:21:04.478 AVAST engine scan C:\ProgramData

10:26:33.049 Scan finished successfully

10:28:04.807 Disk 0 MBR has been saved successfully to "C:\Users\Olivier\Desktop\MBR.dat"

10:28:04.816 The log file has been saved successfully to "C:\Users\Olivier\Desktop\aswMBR.txt"


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press the Save button

Save it to your desktop and post it in your next reply.


It looks pretty good to me. I've run ESET again and it does not find anything in memory this time. Comodo does not give me alerts anymore.

I'm very grateful for your crucial help. Do you think the problem is solved?

If so, my concern now is to stay safe as much as possible. Do you think my computer should be OK with AVAST antivirus and Comodo firewall+defense (both free versions) or would you have other/additional recommendations?

Cheers


Glad I could help!

Yes, I think your system is clean now. :)

Your protection is very good, just keep it up-to-date.

Please run OTL and click on the CleanUp button. Next, uninstall ESET Online Scanner and manually delete aswMBR and Kaspersky AVP.

Some additional malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

