
http://int.search-results.com



#1
pacha

Hello everybody.

When I'm on my Firefox homepage (about:home) and I type a word to search, I get a search on http://int.search-results.com.
I tried a lot of things but haven't managed to remove it. I used Spybot, Malwarebytes, SUPERAntiSpyware.
I also tried going into about:config in Firefox to change the settings, with no results.
I also scanned the computer, but I don't remember what software I used (maybe Avast), and something was found in Java; I removed it.
Then I used AdwCleaner. Some entries were deleted, but no change.
I removed entries with HijackThis with http://dts.search-re...searchTerms} but they seem to come back, as I see them again here, in the log below.

I have also had some problems with my mouse for two weeks: it is sometimes not recognised. I wonder if it can be linked to malware.

See below the OTL report

Thank you in advance

OTL logfile created on: 30/03/2012 12:22:08 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = G:\Installateurs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,98 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 25,17% Memory free
5,96 Gb Paging File | 2,60 Gb Available in Paging File | 43,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 130,30 Gb Total Space | 8,79 Gb Free Space | 6,75% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 22,06 Gb Free Space | 73,53% Space Free | Partition Type: NTFS
Drive F: | 1,00 Gb Total Space | 0,82 Gb Free Space | 81,56% Space Free | Partition Type: NTFS
Drive G: | 304,35 Gb Total Space | 6,51 Gb Free Space | 2,14% Space Free | Partition Type: NTFS
Drive H: | 5,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PACHA-PC | User Name: Pacha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/30 10:35:55 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/03/27 12:20:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- G:\Installateurs\OTL.exe
PRC - [2012/03/17 19:47:01 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 04:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 04:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/24 17:19:14 | 003,478,336 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012/01/14 19:40:28 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/03 17:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/29 19:56:02 | 000,191,440 | ---- | M] (QIP.ru) -- C:\Program Files (x86)\QipGuard\QipGuard.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/09/04 11:20:26 | 000,135,680 | ---- | M] (VirtuaWin) -- C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe
PRC - [2010/09/04 11:20:26 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\WinList.exe
PRC - [2010/07/22 14:18:32 | 002,636,800 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
PRC - [2009/12/04 15:28:32 | 002,244,608 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
PRC - [2009/11/07 05:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
PRC - [2009/07/09 17:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe
PRC - [2008/02/23 06:47:12 | 004,554,752 | ---- | M] () -- G:\Business\SugarCRM\mysql\bin\mysqld.exe
PRC - [2008/02/23 04:32:20 | 000,024,634 | ---- | M] (Apache Software Foundation) -- G:\Business\SugarCRM\apache2\bin\Apache.exe
PRC - [2007/09/05 08:59:02 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe
PRC - [2007/09/05 08:59:02 | 000,024,635 | ---- | M] (Apache Software Foundation) -- c:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe
PRC - [2007/07/06 13:14:02 | 005,730,304 | ---- | M] () -- c:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
PRC - [2007/06/15 15:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/30 10:35:58 | 001,969,112 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012/03/30 10:35:57 | 000,162,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/03/30 10:35:57 | 000,021,976 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/03/17 19:47:01 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/03/13 19:39:55 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/16 10:05:01 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b57bd70800db9e03c97550eafc2306f0\IAStorUtil.ni.dll
MOD - [2012/02/16 08:51:43 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/16 08:51:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 08:50:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/16 08:50:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/16 08:49:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/16 08:49:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 08:49:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 08:49:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/13 19:00:36 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll
MOD - [2011/10/13 17:59:53 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/13 04:54:34 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/10/25 15:15:46 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\AcroIEFavClient.FRA
MOD - [2010/09/04 11:20:26 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\VirtuaWin\modules\WinList.exe
MOD - [2010/07/22 14:18:32 | 002,636,800 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
MOD - [2010/06/01 11:41:38 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\dll\DLL_MouseDeviceManager.dll
MOD - [2010/05/07 23:05:57 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\Data\X7H\Forms\OSD_Text\OSD_Text.dll
MOD - [2010/04/03 11:37:14 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\dll\DLL_Wheel4D.dll
MOD - [2010/04/03 11:37:09 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\dll\DLL_ZoomControl.dll
MOD - [2010/04/03 11:37:07 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\dll\DLL_ScrollbarControl.dll
MOD - [2010/04/03 11:37:02 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\dll\DLL_AnalyzeGesturesInRight.dll
MOD - [2010/04/03 11:36:58 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\dll\DLL_AnalyzeGesturesInOne.dll
MOD - [2009/07/14 19:23:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2008/02/23 06:47:12 | 004,554,752 | ---- | M] () -- G:\Business\SugarCRM\mysql\bin\mysqld.exe
MOD - [2008/02/23 04:32:20 | 002,035,712 | ---- | M] () -- G:\Business\SugarCRM\apache2\bin\libmysql.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/12 01:13:23 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/03/07 04:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/11/23 14:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2011/08/12 03:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/08 07:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/10/02 20:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 05:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/03/17 05:09:56 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/25 09:56:30 | 009,690,112 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2012/01/14 19:40:28 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/01/03 17:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/29 19:56:02 | 000,191,440 | ---- | M] (QIP.ru) [Auto | Running] -- C:\Program Files (x86)\QipGuard\QipGuard.exe -- (QipGuard)
SRV - [2011/11/25 16:36:00 | 000,311,928 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files (x86)\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2011/09/26 10:06:54 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/08/15 11:42:13 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/07 05:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009/07/09 17:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2009/06/11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/05 08:59:02 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe -- (doliwampapache)
SRV - [2007/07/06 13:14:02 | 005,730,304 | ---- | M] () [Auto | Running] -- c:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe -- (doliwampmysqld)
SRV - [2007/06/15 15:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys -- (SliceDisk5)
DRV:64bit: - [2012/03/07 04:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 04:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 04:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 04:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 04:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 04:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/14 00:49:42 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/02/10 15:13:38 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/01/01 23:28:23 | 000,026,200 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/15 11:48:23 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011/08/15 11:47:54 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/07/22 20:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/21 18:54:25 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/07/13 01:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/07/08 08:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/08 06:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/04 11:36:32 | 000,029,752 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rspSanity64.sys -- (rspSanity)
DRV:64bit: - [2011/03/11 10:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 10:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 17:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 14:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 13:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/04/09 13:17:04 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010/04/09 13:16:58 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010/02/25 18:11:57 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/25 18:11:55 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/02/25 18:11:55 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/02/25 18:11:55 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/25 18:11:55 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/27 11:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 05:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 04:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 04:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 14:26:14 | 000,015,896 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10hid.sys -- (X10Hid)
DRV:64bit: - [2009/01/09 18:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/20 21:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2011/07/21 19:55:50 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)
DRV - [2009/07/14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru...y={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D A5 A8 41 13 13 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files (x86)\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/07/02 14:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/09 10:47:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 19:47:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/18 12:48:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/18 12:48:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/03/06 10:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pacha\AppData\Roaming\mozilla\Extensions
[2010/06/23 13:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pacha\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/06 10:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions
[2011/02/13 01:41:08 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/11/26 23:38:19 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions\[email protected]
[2012/03/27 11:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions
[2011/12/24 22:33:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/07 09:38:33 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]
[2010/09/07 09:28:30 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]
[2011/02/22 20:30:05 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]
[2012/03/14 10:29:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]
[2011/12/03 15:15:25 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]
[2011/12/03 15:20:28 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]
[2012/03/06 10:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/14 00:50:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/17 19:47:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 09:44:31 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/12/21 09:44:31 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011/12/21 09:44:31 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/12/21 09:44:31 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Pacha\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Pacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Ma-Config.com plugin (Enabled) = C:\Program Files (x86)\ma-config.com\nphardwaredetection.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Pacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: \u041F\u043E\u0438\u0441\u043A Google = C:\Users\Pacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Skype Click to Call = C:\Users\Pacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Pacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/18 07:57:52 | 000,001,040 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe ()
O4 - Startup: C:\Users\Pacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk = C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe (VirtuaWin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{204CC7E4-04EB-4111-B18C-959A7888C54D}: NameServer = 195.34.31.50,62.112.106.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF0D5DB1-B381-468E-8094-605AD65FD9C5}: DhcpNameServer = 81.94.128.4 81.94.131.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF0D5DB1-B381-468E-8094-605AD65FD9C5}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/20 12:41:42 | 000,300,416 | R--- | M] () - H:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/09/20 12:41:42 | 000,000,046 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0becfb10-0f47-11e1-8d85-4061861ea25c}\Shell - "" = AutoRun
O33 - MountPoints2\{0becfb10-0f47-11e1-8d85-4061861ea25c}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{423cedb1-b355-11e0-ad07-4061861ea25c}\Shell - "" = AutoRun
O33 - MountPoints2\{423cedb1-b355-11e0-ad07-4061861ea25c}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{6a4142c8-53ab-11e1-9d83-4061861ea25c}\Shell - "" = AutoRun
O33 - MountPoints2\{6a4142c8-53ab-11e1-9d83-4061861ea25c}\Shell\AutoRun\command - "" = H:\Autorun.exe -- [2011/09/20 12:41:42 | 000,300,416 | R--- | M] ()
O33 - MountPoints2\{f3d38527-b446-11df-a625-4061861ea25c}\Shell - "" = AutoRun
O33 - MountPoints2\{f3d38527-b446-11df-a625-4061861ea25c}\Shell\AutoRun\command - "" = I:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/30 12:18:39 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Local\PackageAware
[2012/03/30 00:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
[2012/03/29 23:47:00 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Local\Focus Home Interactive
[2012/03/29 23:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focus Home Interactive
[2012/03/28 22:40:46 | 000,029,752 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\drivers\rspSanity64.sys
[2012/03/28 22:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanityCheck
[2012/03/28 22:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\SanityCheck
[2012/03/28 20:06:42 | 000,264,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/03/28 20:06:42 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/03/28 20:06:42 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/03/28 20:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/28 09:21:24 | 000,000,000 | ---D | C] -- C:\Users\Pacha\Desktop\games
[2012/03/28 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\Pacha\Desktop\a lire
[2012/03/27 17:26:22 | 000,000,000 | ---D | C] -- C:\Users\Pacha\Desktop\Doc commerciale ru
[2012/03/27 17:08:12 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\Malwarebytes
[2012/03/27 17:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/27 17:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/27 17:08:02 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/27 17:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/27 10:21:56 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\VirtuaWin
[2012/03/27 10:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirtuaWin
[2012/03/27 10:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtuaWin
[2012/03/27 01:06:33 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Local\3DVIA
[2012/03/27 01:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\3DVIA
[2012/03/27 01:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtools
[2012/03/15 13:03:08 | 000,000,000 | ---D | C] -- C:\Users\Pacha\.rssowl2
[2012/03/15 13:02:59 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RSSOwl
[2012/03/15 13:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSSOwl
[2012/03/15 13:02:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSSOwl
[2012/03/14 13:59:21 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 13:59:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 13:59:13 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 13:59:13 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 13:59:06 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 13:59:06 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/13 10:54:20 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\HP
[2012/03/13 10:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012/03/13 10:51:38 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510g-m
[2012/03/13 10:50:56 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l70w.dll
[2012/03/13 10:50:17 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012/03/13 10:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/03/13 10:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/03/13 10:49:01 | 001,418,240 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwtiop5.dll
[2012/03/13 10:49:01 | 000,979,456 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpwwiax6.dll
[2012/03/13 10:49:01 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2012/03/13 10:49:01 | 000,503,296 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwvst01.dll
[2012/03/13 10:48:58 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2012/03/05 23:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/03/05 23:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
[2012/03/05 23:22:28 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\FreeVideoConverter
[2012/03/05 23:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Video Converter
[2012/03/02 07:07:36 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/03/02 07:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/03/02 07:07:33 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\Notepad++
[2012/03/02 07:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/30 12:27:04 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/30 12:15:20 | 000,012,001 | ---- | M] () -- C:\Users\Pacha\AppData\Local\Temp35.html
[2012/03/30 12:14:30 | 000,001,293 | ---- | M] () -- C:\Users\Pacha\AppData\Local\Temp1.html
[2012/03/30 09:41:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 09:41:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 09:35:19 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/30 09:33:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/30 09:33:19 | 2401,808,384 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/30 01:04:19 | 000,944,103 | ---- | M] () -- C:\Users\Pacha\Desktop\IMG_1951.JPG
[2012/03/29 17:04:04 | 000,024,574 | ---- | M] () -- C:\Users\Pacha\.recently-used.xbel
[2012/03/29 17:02:23 | 001,662,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/29 17:02:23 | 000,735,468 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/03/29 17:02:23 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/29 17:02:23 | 000,148,390 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/03/29 17:02:23 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/28 20:06:34 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/03/28 20:06:34 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/28 20:06:34 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/03/28 20:06:34 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/03/28 20:06:34 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/03/27 10:21:53 | 000,000,997 | ---- | M] () -- C:\Users\Pacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk
[2012/03/26 20:26:55 | 000,015,873 | ---- | M] () -- C:\Users\Pacha\Desktop\prospection itycom.odt
[2012/03/25 04:08:41 | 000,000,206 | ---- | M] () -- C:\Windows\SysWow64\cffac7_d.ocx
[2012/03/25 04:08:41 | 000,000,206 | ---- | M] () -- C:\Windows\SysWow64\cbbbffdb1_d.dll
[2012/03/19 00:35:33 | 000,280,856 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/03/19 00:35:33 | 000,280,856 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/18 03:32:03 | 000,280,856 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/03/16 12:41:31 | 000,295,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/15 13:03:00 | 000,001,857 | ---- | M] () -- C:\Users\Pacha\Desktop\RSSOwl.lnk
[2012/03/15 13:02:59 | 000,001,881 | ---- | M] () -- C:\Users\Pacha\Application Data\Microsoft\Internet Explorer\Quick Launch\RSSOwl.lnk
[2012/03/13 19:57:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/12 01:13:38 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012/03/12 01:13:20 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012/03/12 01:13:18 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012/03/12 01:13:17 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012/03/09 10:47:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/07 04:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/07 04:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/07 04:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/07 04:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/07 04:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/07 04:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/07 04:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/07 04:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/07 04:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/03/05 23:22:32 | 000,001,173 | ---- | M] () -- C:\Users\Pacha\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/30 12:15:20 | 000,012,001 | ---- | C] () -- C:\Users\Pacha\AppData\Local\Temp35.html
[2012/03/30 01:03:48 | 000,944,103 | ---- | C] () -- C:\Users\Pacha\Desktop\IMG_1951.JPG
[2012/03/29 17:04:04 | 000,024,574 | ---- | C] () -- C:\Users\Pacha\.recently-used.xbel
[2012/03/28 22:41:17 | 000,001,293 | ---- | C] () -- C:\Users\Pacha\AppData\Local\Temp1.html
[2012/03/27 10:21:53 | 000,000,997 | ---- | C] () -- C:\Users\Pacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk
[2012/03/20 15:20:48 | 000,015,873 | ---- | C] () -- C:\Users\Pacha\Desktop\prospection itycom.odt
[2012/03/15 13:03:00 | 000,001,857 | ---- | C] () -- C:\Users\Pacha\Desktop\RSSOwl.lnk
[2012/03/15 13:02:59 | 000,001,881 | ---- | C] () -- C:\Users\Pacha\Application Data\Microsoft\Internet Explorer\Quick Launch\RSSOwl.lnk
[2012/03/05 23:22:32 | 000,001,173 | ---- | C] () -- C:\Users\Pacha\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[2012/02/17 21:58:18 | 000,000,206 | ---- | C] () -- C:\Windows\SysWow64\cbbbffdb1_d.dll
[2011/11/18 22:15:58 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/09/14 03:49:47 | 000,280,856 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/14 03:49:36 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/11 23:36:51 | 001,630,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/08 20:50:41 | 000,683,801 | ---- | C] () -- C:\Users\Pacha\AppData\Roaming\unins000.exe
[2011/09/08 20:50:41 | 000,038,494 | ---- | C] () -- C:\Users\Pacha\AppData\Roaming\unins000.dat
[2011/09/08 20:05:53 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\snEUps.dll
[2011/07/14 18:31:06 | 000,003,584 | ---- | C] () -- C:\Users\Pacha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/07 23:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 21:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/13 22:55:41 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/11/13 22:55:41 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/11/13 22:55:41 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/11/13 22:55:41 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/11/13 22:55:41 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/11/13 22:55:41 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/11/13 22:55:41 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/11/13 22:55:41 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/11/13 22:55:41 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/11/13 22:55:41 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/11/13 22:55:41 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/11/13 22:55:41 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/11/13 22:55:41 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/11/13 22:55:41 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/11/13 22:55:41 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/11/13 22:55:41 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/11/13 22:55:41 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/11/13 22:55:41 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/11/13 22:55:41 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/06/11 17:41:17 | 000,007,629 | ---- | C] () -- C:\Users\Pacha\AppData\Local\Resmon.ResmonCfg
[2010/06/11 16:34:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/11 14:57:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/11 14:36:49 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010/06/11 14:36:48 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010/06/11 14:23:23 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

< End of report >

Edited by pacha, 30 March 2012 - 09:01 AM.

#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Uninstall Malwarebytes' Anti-Malware if you still have it.

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK


Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:Services
QipGuard

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = http://search.qip.ru...y={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
[2011/02/13 01:41:08 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/12/24 22:33:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/14 10:29:25 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]
[2012/02/14 00:50:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{204CC7E4-04EB-4111-B18C-959A7888C54D}: NameServer = 195.34.31.50,62.112.106.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF0D5DB1-B381-468E-8094-605AD65FD9C5}: DhcpNameServer = 81.94.128.4 81.94.131.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF0D5DB1-B381-468E-8094-605AD65FD9C5}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O33 - MountPoints2\{0becfb10-0f47-11e1-8d85-4061861ea25c}\Shell - "" = AutoRun
O33 - MountPoints2\{0becfb10-0f47-11e1-8d85-4061861ea25c}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{423cedb1-b355-11e0-ad07-4061861ea25c}\Shell - "" = AutoRun
O33 - MountPoints2\{423cedb1-b355-11e0-ad07-4061861ea25c}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{6a4142c8-53ab-11e1-9d83-4061861ea25c}\Shell - "" = AutoRun
O33 - MountPoints2\{6a4142c8-53ab-11e1-9d83-4061861ea25c}\Shell\AutoRun\command - "" = H:\Autorun.exe -- [2011/09/20 12:41:42 | 000,300,416 | R--- | M] ()
O33 - MountPoints2\{f3d38527-b446-11df-a625-4061861ea25c}\Shell - "" = AutoRun
O33 - MountPoints2\{f3d38527-b446-11df-a625-4061861ea25c}\Shell\AutoRun\command - "" = I:\setup.exe

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config QipGuard start= disabled /c
C:\Program Files (x86)\QipGuard
C:\Program Files (x86)\Vuze_Remote
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (decline the Avast Engine)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:


netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Are you still getting the bad search results?


Ron
  • 0

#3
pacha

    Member

  • Topic Starter
  • Member
  • 16 posts
Thank you for your reply !

So I'm doing the different steps, see below the first log after the fix with OTL


========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Service QipGuard stopped successfully!
Service QipGuard deleted successfully!
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\lib folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local\modules folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\local folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults\preferences folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\defaults folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\components folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\chrome folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\modules folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\skin\modern\images folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\skin\modern folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\zh-TW folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\zh-CN folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\vi folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\uk-UA folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\tr-TR folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\sv-SE folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\sk-SK folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\ru-RU folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\ro folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\pt-PT folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\pt-BR folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\pl-PL folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\nn-NO folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\nl folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\ko-KR folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\ja-JP folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\it-IT folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\hu-HU folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\fy-NL folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\fr folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\fi-FI folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\eu-ES folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\et-EE folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\es-ES folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\en-US folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\el-GR folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\de folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\da-DK folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\cs-CZ folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\bn-IN folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\bg-BG folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale\ar folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\locale folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\content\shared folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected] folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{204CC7E4-04EB-4111-B18C-959A7888C54D}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CF0D5DB1-B381-468E-8094-605AD65FD9C5}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CF0D5DB1-B381-468E-8094-605AD65FD9C5}\\NameServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0becfb10-0f47-11e1-8d85-4061861ea25c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0becfb10-0f47-11e1-8d85-4061861ea25c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0becfb10-0f47-11e1-8d85-4061861ea25c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0becfb10-0f47-11e1-8d85-4061861ea25c}\ not found.
File I:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{423cedb1-b355-11e0-ad07-4061861ea25c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{423cedb1-b355-11e0-ad07-4061861ea25c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{423cedb1-b355-11e0-ad07-4061861ea25c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{423cedb1-b355-11e0-ad07-4061861ea25c}\ not found.
File J:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a4142c8-53ab-11e1-9d83-4061861ea25c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a4142c8-53ab-11e1-9d83-4061861ea25c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a4142c8-53ab-11e1-9d83-4061861ea25c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a4142c8-53ab-11e1-9d83-4061861ea25c}\ not found.
File H:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3d38527-b446-11df-a625-4061861ea25c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3d38527-b446-11df-a625-4061861ea25c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3d38527-b446-11df-a625-4061861ea25c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3d38527-b446-11df-a625-4061861ea25c}\ not found.
File I:\setup.exe not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 fichier(s) copie(s)
G:\Installateurs\cmd.bat deleted successfully.
G:\Installateurs\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 fichier(s) copie(s)
G:\Installateurs\cmd.bat deleted successfully.
G:\Installateurs\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 fichier(s) copie(s)
G:\Installateurs\cmd.bat deleted successfully.
G:\Installateurs\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 fichier(s) copie(s)
G:\Installateurs\cmd.bat deleted successfully.
G:\Installateurs\cmd.txt deleted successfully.
< sc config QipGuard start= disabled /c >
[SC] OpenService echec(s) 1060 :
Le service specifie n'existe pas en tant que service installe.
G:\Installateurs\cmd.bat deleted successfully.
G:\Installateurs\cmd.txt deleted successfully.
C:\Program Files (x86)\QipGuard folder moved successfully.
C:\Program Files (x86)\Vuze_Remote folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Pacha
->Flash cache emptied: 3129 bytes

User: Public

User: Tania
->Flash cache emptied: 1071 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Pacha
->Java cache emptied: 10805141 bytes

User: Public

User: Tania

Total Java Files Cleaned = 10,00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03312012_165837

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by pacha, 31 March 2012 - 07:09 AM.

  • 0
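When reading a fix log like the one in the post above, a "not found" line does not by itself mean a removal failed. The following is an added example (not part of the original posts and not OTL's own code) that parses the line shapes seen in this log and separates "not found" items already handled earlier in the same run from items that were absent before the fix. The sample lines are copied from the log above; the function names and the treatment of the `64bit-` prefix as a separate registry view are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "section view kind target outcome")

# A selection of lines copied from the OTL fix log posted above.
SAMPLE_LOG = r"""
========== SERVICES/DRIVERS ==========
Service QipGuard stopped successfully!
Service QipGuard deleted successfully!
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}\ not found.
C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll moved successfully.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0becfb10-0f47-11e1-8d85-4061861ea25c}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0becfb10-0f47-11e1-8d85-4061861ea25c}\ not found.
File I:\setup.exe not found.
========== FILES ==========
C:\Program Files (x86)\QipGuard folder moved successfully.
C:\Program Files (x86)\Vuze_Remote folder moved successfully.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Result suffixes exactly as they appear in the log above.
OUTCOMES = [
    (re.compile(r"\s*\|\s*/E\s*:\s*value set successfully!$"), "value_set"),
    (re.compile(r"\s+stopped successfully!$"), "stopped"),
    (re.compile(r"\s+deleted successfully[.!]$"), "deleted"),
    (re.compile(r"\s+moved successfully\.$"), "moved"),
    (re.compile(r"\s+not found\.$"), "not_found"),
]
KIND_RE = re.compile(r"^(Registry key|Registry value|File|Service)\s+", re.I)


def parse_line(line, section):
    """Turn one result line into an Entry, or None if it is not a result."""
    for rx, outcome in OUTCOMES:
        m = rx.search(line)
        if m:
            body = line[:m.start()]
            break
    else:
        return None  # command echo, tool output, banner, ...
    view = "default"
    if body.startswith("64bit-"):  # assumption: marks the 64-bit registry view
        view, body = "64bit", body[len("64bit-"):]
    k = KIND_RE.match(body)
    if k:
        kind, target = k.group(1).lower(), body[k.end():]
    elif body.endswith(" folder"):
        kind, target = "folder", body[: -len(" folder")]
    elif body.upper().startswith("HKEY_"):
        kind, target = "registry value", body
    else:
        kind, target = "file", body
    return Entry(section, view, kind, target.rstrip("\\ "), outcome)


def parse_fix_log(text):
    """Parse a whole fix log, tracking the ========== SECTION ========== headers."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        entry = parse_line(line, section)
        if entry:
            entries.append(entry)
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return dict(Counter(e.outcome for e in entries))


def classify_not_found(entries):
    """Split 'not found' targets into (already_handled, absent_before_fix).

    already_handled: the same target was deleted/moved/set earlier in this run,
    so the later 'not found' is just a second script line hitting it again.
    absent_before_fix: nothing in this run acted on it (for example a file on
    a drive that was not attached, or a CLSID key that never existed).
    """
    acted, already, absent = set(), [], []
    for e in entries:
        key = (e.view, e.target.lower())
        if e.outcome == "not_found":
            (already if key in acted else absent).append(e.target)
        else:
            acted.add(key)
    return already, absent


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(summarize(parsed))
    handled, missing = classify_not_found(parsed)
    print("already handled:", handled)
    print("absent before fix:", missing)
```
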

#4
pacha

    Member

  • Topic Starter
  • Member
  • 16 posts
Combofix log

ComboFix 12-03-31.02 - Pacha 31/03/2012 18:29:35.1.8 - x64
Microsoft Windows 7 Edition Familiale Premium 6.1.7601.1.1251.7.1036.18.3054.1727 [GMT 4:00]
Running from: c:\users\Pacha\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Pacha\AppData\Roaming\mm
c:\users\Pacha\AppData\Roaming\mm\cache\.cache
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\E17895331939023E8EDA83E6B78D21CD
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\E1BFB414A4019AE18DEAC1AFD8340322
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\E1EAFAFCA02B242445CB15E1989ED676
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\E244E1540674526FDC33FCFEFE68AE6F
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\E259F4E9908E8F42A754C9F48ED0E005
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\E342C881DCE063965EB8550BC5B1CF97
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\E652E2B1817A57262E283DD8E433F5A7
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\E7EE8D70C9CDBA3161D9B183572B34C4
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\E8A0C49E1BDDF0CA3D997E9087767DC0
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\E9261B83AE770275EBD0E5D415F43504
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\EA12A65C74F4AFA4C6770CECD1E407E1
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\EA30AA47A43F699529E8B3517FE7BE55
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\EA748FACA764E2E733FE9ED2254A905A
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\EAE730FEC93E3448EB281F9B744E6FDE
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\EB37C699C2E423B6C1DEEF8696EC44E2
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\ED6872EDD0E67A98847B6031AA439884
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\EDA5DE6DBE7EC5201186B21D574DFC4A
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\EFDEDAE8D1FA87DEB21BE3FC6FED85EB
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\F59AC9C80F5B579947E13B0331004B7A
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\F722CF962F4FCDC6D9D98B6BDE3E35D8
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\F89C6D98C0A8C26422DE2C934570DE60
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\FC120FD60436810513B38156057E2C7C
c:\users\Pacha\AppData\Roaming\mm\cache\ImageLoader\FFF5C21B65CDCDB33D569DA38A304D67
c:\users\Pacha\AppData\Roaming\Roaming
c:\users\Pacha\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\users\Pacha\videos\wmpfirefoxplugin.exe
c:\windows\IsUn0419.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\aosmtp.dll
c:\windows\SysWow64\cbbbffdb1_d.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 14:43 . 2012-03-31 14:43 -------- d-----w- c:\users\Tania\AppData\Local\temp
2012-03-31 14:43 . 2012-03-31 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-31 13:01 . 2012-03-31 13:01 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-03-31 13:01 . 2012-03-31 13:01 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-03-31 13:01 . 2012-03-31 13:01 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-03-31 13:01 . 2012-03-31 13:01 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-03-31 13:01 . 2012-03-31 13:01 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-03-31 13:01 . 2012-03-31 13:01 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-03-31 13:01 . 2012-03-31 13:01 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-03-31 13:01 . 2012-03-31 13:01 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-03-31 13:01 . 2012-03-31 13:01 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-03-31 13:00 . 2012-03-31 13:00 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-03-31 13:00 . 2012-03-31 13:00 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-03-31 13:00 . 2012-03-31 13:00 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-03-31 13:00 . 2012-03-31 13:00 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-03-31 13:00 . 2012-03-31 13:00 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-03-31 13:00 . 2012-03-31 13:00 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-03-31 13:00 . 2012-03-31 13:00 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-03-31 13:00 . 2012-03-31 13:00 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-03-30 09:18 . 2012-03-30 09:18 -------- d-----w- c:\users\Pacha\AppData\Roaming\Registry Mechanic
2012-03-30 09:02 . 2012-03-30 09:02 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-30 09:02 . 2012-03-30 09:02 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-03-30 09:02 . 2012-03-30 09:02 -------- d-----w- c:\users\Pacha\AppData\Roaming\OpenCandy
2012-03-30 08:55 . 2012-03-30 08:55 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-30 08:41 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85794AFC-410E-4BFD-B59D-2535EB9068AB}\mpengine.dll
2012-03-30 08:18 . 2012-03-30 08:18 -------- d-----w- c:\users\Pacha\AppData\Local\PackageAware
2012-03-29 19:47 . 2012-03-29 19:47 -------- d-----w- c:\users\Pacha\AppData\Local\Focus Home Interactive
2012-03-29 19:46 . 2012-03-29 19:46 -------- d-----w- c:\program files (x86)\Focus Home Interactive
2012-03-28 18:40 . 2011-05-04 07:36 29752 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
2012-03-28 16:06 . 2012-03-28 16:06 -------- d-----w- c:\program files\Java
2012-03-27 13:08 . 2012-03-27 13:08 -------- d-----w- c:\users\Pacha\AppData\Roaming\Malwarebytes
2012-03-27 13:08 . 2012-03-27 13:08 -------- d-----w- c:\programdata\Malwarebytes
2012-03-27 06:21 . 2012-03-27 06:21 -------- d-----w- c:\users\Pacha\AppData\Roaming\VirtuaWin
2012-03-27 06:21 . 2012-03-27 06:21 -------- d-----w- c:\program files (x86)\VirtuaWin
2012-03-26 21:06 . 2012-03-26 21:06 -------- d-----w- c:\users\Pacha\AppData\Local\3DVIA
2012-03-26 21:06 . 2012-03-26 21:06 -------- d-----w- c:\programdata\3DVIA
2012-03-26 21:05 . 2012-03-27 11:57 -------- d-----w- c:\program files (x86)\Virtools
2012-03-17 15:47 . 2012-03-17 15:47 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 15:47 . 2012-03-17 15:47 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 09:03 . 2012-03-27 20:01 -------- d-----w- c:\users\Pacha\.rssowl2
2012-03-15 09:02 . 2012-03-15 09:03 -------- d-----w- c:\program files (x86)\RSSOwl
2012-03-14 09:59 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:59 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:59 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:59 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:59 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:59 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:59 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:59 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:59 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:59 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 06:54 . 2012-03-13 06:54 -------- d-----w- c:\users\Pacha\AppData\Roaming\HP
2012-03-13 06:53 . 2009-04-20 08:29 249856 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70w.dll
2012-03-13 06:52 . 2012-03-13 06:52 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-03-13 06:51 . 2012-03-13 06:51 -------- d-----w- c:\windows\hpoj4500g510g-m
2012-03-13 06:50 . 2009-04-20 08:29 136704 ----a-w- c:\windows\system32\hpf3l70w.dll
2012-03-13 06:50 . 2012-03-13 06:50 -------- d-----w- c:\program files (x86)\HP
2012-03-13 06:49 . 2012-03-13 16:06 -------- d-----w- c:\programdata\HP
2012-03-13 06:49 . 2009-08-17 18:26 979456 ----a-w- c:\windows\system32\hpwwiax6.dll
2012-03-13 06:49 . 2009-08-17 18:26 503296 ----a-w- c:\windows\system32\hpwvst01.dll
2012-03-13 06:49 . 2009-08-17 18:26 1418240 ----a-w- c:\windows\system32\hpwtiop5.dll
2012-03-13 06:49 . 2009-08-17 18:26 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-03-13 06:48 . 2009-08-17 18:34 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2012-03-05 19:22 . 2012-03-06 05:37 -------- d-----w- c:\programdata\boost_interprocess
2012-03-05 19:22 . 2012-03-08 12:56 -------- d-----w- c:\users\Pacha\AppData\Roaming\FreeVideoConverter
2012-03-02 03:07 . 2012-03-27 13:06 -------- d-----w- c:\users\Pacha\AppData\Roaming\Notepad++
2012-03-02 03:07 . 2012-03-02 03:07 -------- d-----w- c:\program files (x86)\Notepad++
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 08:55 . 2011-06-07 08:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-28 16:06 . 2012-01-18 08:39 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-28 16:06 . 2011-08-13 00:26 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-18 20:35 . 2011-09-13 23:52 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-18 20:35 . 2011-09-13 23:49 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-17 23:32 . 2011-09-13 23:49 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-11 21:13 . 2011-10-07 14:47 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-10-07 14:47 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-10-07 14:47 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-10-07 14:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-10-07 14:47 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2011-10-07 14:47 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-07 00:15 . 2011-03-30 16:22 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-03-30 16:22 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 00:15 . 2011-03-21 13:36 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:04 . 2011-03-30 16:22 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:04 . 2011-03-30 16:23 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-25 15:00 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2011-03-30 16:23 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-03-30 16:22 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-03-30 16:23 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 05:18 . 2010-06-11 11:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-13 20:49 . 2011-08-15 06:11 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-02-10 03:57 . 2012-02-13 21:06 545 ----a-w- c:\windows\UC.PIF
2012-02-10 03:57 . 2012-02-13 21:06 545 ----a-w- c:\windows\RAR.PIF
2012-02-10 03:57 . 2012-02-13 21:06 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-02-10 03:57 . 2012-02-13 21:06 545 ----a-w- c:\windows\LHA.PIF
2012-02-10 03:57 . 2012-02-13 21:06 545 ----a-w- c:\windows\ARJ.PIF
2012-01-14 15:40 . 2011-09-13 23:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-01 19:28 . 2011-07-25 10:29 26200 ----a-w- c:\windows\system32\drivers\johci.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OscarEditor"="c:\program files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2010-07-22 2636800]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2009-12-04 2244608]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Pacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
VirtuaWin.lnk - c:\program files (x86)\VirtuaWin\VirtuaWin.exe [2012-3-27 135680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 doliwampmysqld;doliwampmysqld;c:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe doliwampmysqld [x]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R2 SetupARService;SetupARService;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2011-08-15 24576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R3 maconfservice;Ma-Config Service;c:\program files (x86)\ma-config.com\maconfservice.exe [2011-11-25 311928]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity64.sys [x]
R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk-x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 XAMPP;XAMPP Service;g:\xampp\service.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 doliwampapache;doliwampapache;c:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 24635]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:55]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 21:52]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 21:52]
.
2011-03-29 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2010-07-12 11:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-12 10060832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-25 877600]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Ajouter la cible du lien a un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter a un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Envoyer au peripherique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au peripherique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: Interfaces\{204CC7E4-04EB-4111-B18C-959A7888C54D}: NameServer = 195.34.31.50,62.112.106.130
TCP: Interfaces\{CF0D5DB1-B381-468E-8094-605AD65FD9C5}\072776E2165627F6D266275656: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CF0D5DB1-B381-468E-8094-605AD65FD9C5}\072776E2165627F6D27657563747: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CF0D5DB1-B381-468E-8094-605AD65FD9C5}\47D6F62696C656: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CF0D5DB1-B381-468E-8094-605AD65FD9C5}\C4D4027455543545: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CF0D5DB1-B381-468E-8094-605AD65FD9C5}\E4545564F523132443: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Pacha\AppData\Roaming\Mozilla\Firefox\Profiles\c2csyrgv.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-TaskTray - (no file)
Toolbar-10 - (no file)
WebBrowser-{8DEC4B69-27C4-405D-A37D-8D45C83F66AB} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-31 19:03:15
ComboFix-quarantined-files.txt 2012-03-31 15:03
.
Pre-Run: 11 660 783 616 octets libres
Post-Run: 11 525 210 112 octets libres
.
- - End Of File - - DFD6D70347C0EFF79C72CCD2E64E06DA

#5
pacha

TDSS Killer


19:28:37.0091 6292 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
19:28:37.0522 6292 ============================================================
19:28:37.0522 6292 Current date / time: 2012/03/31 19:28:37.0522
19:28:37.0522 6292 SystemInfo:
19:28:37.0522 6292
19:28:37.0522 6292 OS Version: 6.1.7601 ServicePack: 1.0
19:28:37.0522 6292 Product type: Workstation
19:28:37.0522 6292 ComputerName: PACHA-PC
19:28:37.0522 6292 UserName: Pacha
19:28:37.0522 6292 Windows directory: C:\Windows
19:28:37.0522 6292 System windows directory: C:\Windows
19:28:37.0522 6292 Running under WOW64
19:28:37.0522 6292 Processor architecture: Intel x64
19:28:37.0522 6292 Number of processors: 8
19:28:37.0522 6292 Page size: 0x1000
19:28:37.0522 6292 Boot type: Normal boot
19:28:37.0522 6292 ============================================================
19:28:38.0097 6292 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:28:38.0107 6292 \Device\Harddisk0\DR0:
19:28:38.0108 6292 MBR used
19:28:38.0108 6292 Initialize success
19:28:38.0108 6292 ============================================================
19:30:35.0985 1740 ============================================================
19:30:35.0985 1740 Scan started
19:30:35.0986 1740 Mode: Manual; SigCheck; TDLFS;
19:30:35.0986 1740 ============================================================
19:30:36.0114 1740 !SASCORE - ok
19:30:36.0153 1740 1394ohci - ok
19:30:36.0159 1740 ACPI - ok
19:30:36.0165 1740 AcpiPmi - ok
19:30:36.0200 1740 AdobeARMservice - ok
19:30:36.0239 1740 AdobeFlashPlayerUpdateSvc - ok
19:30:36.0262 1740 adp94xx - ok
19:30:36.0280 1740 adpahci - ok
19:30:36.0286 1740 adpu320 - ok
19:30:36.0295 1740 AeLookupSvc - ok
19:30:36.0310 1740 AFD - ok
19:30:36.0320 1740 agp440 - ok
19:30:36.0326 1740 ALG - ok
19:30:36.0332 1740 aliide - ok
19:30:36.0349 1740 AMD External Events Utility - ok
19:30:36.0355 1740 amdide - ok
19:30:36.0360 1740 AmdK8 - ok
19:30:36.0370 1740 amdkmdag - ok
19:30:36.0375 1740 amdkmdap - ok
19:30:36.0381 1740 AmdPPM - ok
19:30:36.0386 1740 amdsata - ok
19:30:36.0393 1740 amdsbs - ok
19:30:36.0399 1740 amdxata - ok
19:30:36.0420 1740 AppID - ok
19:30:36.0428 1740 AppIDSvc - ok
19:30:36.0434 1740 Appinfo - ok
19:30:36.0444 1740 arc - ok
19:30:36.0447 1740 arcsas - ok
19:30:36.0474 1740 aspnet_state - ok
19:30:36.0502 1740 aswFsBlk - ok
19:30:36.0519 1740 aswMonFlt - ok
19:30:36.0553 1740 aswRdr - ok
19:30:36.0573 1740 aswSnx - ok
19:30:36.0581 1740 aswSP - ok
19:30:36.0600 1740 aswTdi - ok
19:30:36.0611 1740 AsyncMac - ok
19:30:36.0632 1740 atapi - ok
19:30:36.0654 1740 AudioEndpointBuilder - ok
19:30:36.0661 1740 AudioSrv - ok
19:30:36.0678 1740 avast! Antivirus - ok
19:30:36.0690 1740 AxInstSV - ok
19:30:36.0698 1740 b06bdrv - ok
19:30:36.0709 1740 b57nd60a - ok
19:30:36.0713 1740 BDESVC - ok
19:30:36.0716 1740 Beep - ok
19:30:36.0736 1740 BFE - ok
19:30:36.0745 1740 bgsvcgen - ok
19:30:36.0748 1740 BITS - ok
19:30:36.0758 1740 blbdrive - ok
19:30:36.0761 1740 bowser - ok
19:30:36.0764 1740 BrFiltLo - ok
19:30:36.0766 1740 BrFiltUp - ok
19:30:36.0771 1740 BridgeMP - ok
19:30:36.0776 1740 Browser - ok
19:30:36.0791 1740 Brserid - ok
19:30:36.0804 1740 BrSerWdm - ok
19:30:36.0807 1740 BrUsbMdm - ok
19:30:36.0810 1740 BrUsbSer - ok
19:30:36.0835 1740 BthEnum - ok
19:30:36.0838 1740 BTHMODEM - ok
19:30:36.0842 1740 BthPan - ok
19:30:36.0845 1740 BTHPORT - ok
19:30:36.0848 1740 bthserv - ok
19:30:36.0851 1740 BTHUSB - ok
19:30:36.0859 1740 btwaudio - ok
19:30:36.0868 1740 btwavdt - ok
19:30:36.0884 1740 btwdins - ok
19:30:36.0887 1740 btwl2cap - ok
19:30:36.0899 1740 btwrchid - ok
19:30:36.0915 1740 catchme - ok
19:30:36.0921 1740 cdfs - ok
19:30:36.0936 1740 cdrom - ok
19:30:36.0945 1740 CertPropSvc - ok
19:30:36.0948 1740 circlass - ok
19:30:36.0951 1740 CLFS - ok
19:30:36.0976 1740 CLPSLS - ok
19:30:36.0979 1740 clr_optimization_v2.0.50727_32 - ok
19:30:36.0982 1740 clr_optimization_v2.0.50727_64 - ok
19:30:37.0004 1740 clr_optimization_v4.0.30319_32 - ok
19:30:37.0023 1740 clr_optimization_v4.0.30319_64 - ok
19:30:37.0026 1740 CmBatt - ok
19:30:37.0041 1740 cmdAgent - ok
19:30:37.0043 1740 cmdGuard - ok
19:30:37.0047 1740 cmdHlp - ok
19:30:37.0049 1740 cmdide - ok
19:30:37.0053 1740 CNG - ok
19:30:37.0059 1740 Compbatt - ok
19:30:37.0068 1740 CompositeBus - ok
19:30:37.0078 1740 COMSysApp - ok
19:30:37.0081 1740 crcdisk - ok
19:30:37.0095 1740 CryptSvc - ok
19:30:37.0099 1740 DcomLaunch - ok
19:30:37.0102 1740 defragsvc - ok
19:30:37.0105 1740 DfsC - ok
19:30:37.0109 1740 Dhcp - ok
19:30:37.0111 1740 discache - ok
19:30:37.0116 1740 Disk - ok
19:30:37.0119 1740 Dnscache - ok
19:30:37.0167 1740 doliwampapache - ok
19:30:37.0183 1740 doliwampmysqld - ok
19:30:37.0186 1740 dot3svc - ok
19:30:37.0210 1740 Dot4 - ok
19:30:37.0213 1740 Dot4Print - ok
19:30:37.0216 1740 dot4usb - ok
19:30:37.0219 1740 DPS - ok
19:30:37.0245 1740 driverhardwarev2x64 - ok
19:30:37.0254 1740 drmkaud - ok
19:30:37.0260 1740 dtsoftbus01 - ok
19:30:37.0263 1740 DXGKrnl - ok
19:30:37.0266 1740 EapHost - ok
19:30:37.0268 1740 ebdrv - ok
19:30:37.0271 1740 EFS - ok
19:30:37.0283 1740 ehRecvr - ok
19:30:37.0286 1740 ehSched - ok
19:30:37.0289 1740 elxstor - ok
19:30:37.0291 1740 ErrDev - ok
19:30:37.0296 1740 EventSystem - ok
19:30:37.0311 1740 exfat - ok
19:30:37.0314 1740 fastfat - ok
19:30:37.0325 1740 Fax - ok
19:30:37.0329 1740 fdc - ok
19:30:37.0331 1740 fdPHost - ok
19:30:37.0334 1740 FDResPub - ok
19:30:37.0345 1740 FileInfo - ok
19:30:37.0348 1740 Filetrace - ok
19:30:37.0351 1740 flpydisk - ok
19:30:37.0354 1740 FltMgr - ok
19:30:37.0356 1740 FontCache - ok
19:30:37.0359 1740 FontCache3.0.0.0 - ok
19:30:37.0362 1740 FsDepends - ok
19:30:37.0364 1740 Fs_Rec - ok
19:30:37.0368 1740 fvevol - ok
19:30:37.0371 1740 gagp30kx - ok
19:30:37.0375 1740 gpsvc - ok
19:30:37.0403 1740 gupdate - ok
19:30:37.0425 1740 gupdatem - ok
19:30:37.0432 1740 hcw85cir - ok
19:30:37.0445 1740 HdAudAddService - ok
19:30:37.0453 1740 HDAudBus - ok
19:30:37.0457 1740 HidBatt - ok
19:30:37.0462 1740 HidBth - ok
19:30:37.0477 1740 HidIr - ok
19:30:37.0482 1740 hidserv - ok
19:30:37.0489 1740 HidUsb - ok
19:30:37.0493 1740 hkmsvc - ok
19:30:37.0498 1740 HomeGroupListener - ok
19:30:37.0502 1740 HomeGroupProvider - ok
19:30:37.0507 1740 HpSAMD - ok
19:30:37.0521 1740 HTTP - ok
19:30:37.0527 1740 hwpolicy - ok
19:30:37.0530 1740 i8042prt - ok
19:30:37.0533 1740 iaStor - ok
19:30:37.0543 1740 IAStorDataMgrSvc - ok
19:30:37.0546 1740 iaStorV - ok
19:30:37.0549 1740 idsvc - ok
19:30:37.0552 1740 iirsp - ok
19:30:37.0555 1740 IKEEXT - ok
19:30:37.0559 1740 inspect - ok
19:30:37.0575 1740 IntcAzAudAddService - ok
19:30:37.0578 1740 intelide - ok
19:30:37.0586 1740 intelppm - ok
19:30:37.0589 1740 IPBusEnum - ok
19:30:37.0603 1740 IpFilterDriver - ok
19:30:37.0611 1740 iphlpsvc - ok
19:30:37.0614 1740 IPMIDRV - ok
19:30:37.0616 1740 IPNAT - ok
19:30:37.0620 1740 IRENUM - ok
19:30:37.0622 1740 isapnp - ok
19:30:37.0625 1740 iScsiPrt - ok
19:30:37.0628 1740 JMCR - ok
19:30:37.0631 1740 johci - ok
19:30:37.0644 1740 kbdclass - ok
19:30:37.0646 1740 kbdhid - ok
19:30:37.0650 1740 KeyIso - ok
19:30:37.0653 1740 KSecDD - ok
19:30:37.0656 1740 KSecPkg - ok
19:30:37.0659 1740 ksthunk - ok
19:30:37.0662 1740 KtmRm - ok
19:30:37.0665 1740 LanmanServer - ok
19:30:37.0668 1740 LanmanWorkstation - ok
19:30:37.0686 1740 lltdio - ok
19:30:37.0689 1740 lltdsvc - ok
19:30:37.0692 1740 lmhosts - ok
19:30:37.0696 1740 LSI_FC - ok
19:30:37.0699 1740 LSI_SAS - ok
19:30:37.0702 1740 LSI_SAS2 - ok
19:30:37.0706 1740 LSI_SCSI - ok
19:30:37.0708 1740 luafv - ok
19:30:37.0730 1740 maconfservice - ok
19:30:37.0733 1740 Mcx2Svc - ok
19:30:37.0736 1740 megasas - ok
19:30:37.0738 1740 MegaSR - ok
19:30:37.0745 1740 Micro Star SCM - ok
19:30:37.0748 1740 MMCSS - ok
19:30:37.0751 1740 Modem - ok
19:30:37.0753 1740 monitor - ok
19:30:37.0757 1740 mouclass - ok
19:30:37.0760 1740 mouhid - ok
19:30:37.0782 1740 mountmgr - ok
19:30:37.0785 1740 mpio - ok
19:30:37.0788 1740 mpsdrv - ok
19:30:37.0790 1740 MpsSvc - ok
19:30:37.0793 1740 MRxDAV - ok
19:30:37.0796 1740 mrxsmb - ok
19:30:37.0798 1740 mrxsmb10 - ok
19:30:37.0801 1740 mrxsmb20 - ok
19:30:37.0804 1740 msahci - ok
19:30:37.0806 1740 msdsm - ok
19:30:37.0809 1740 MSDTC - ok
19:30:37.0814 1740 Msfs - ok
19:30:37.0820 1740 mshidkmdf - ok
19:30:37.0823 1740 msisadrv - ok
19:30:37.0826 1740 MSiSCSI - ok
19:30:37.0829 1740 msiserver - ok
19:30:37.0838 1740 MSKSSRV - ok
19:30:37.0842 1740 MSPCLOCK - ok
19:30:37.0844 1740 MSPQM - ok
19:30:37.0847 1740 MsRPC - ok
19:30:37.0851 1740 mssmbios - ok
19:30:37.0854 1740 MSTEE - ok
19:30:37.0857 1740 MTConfig - ok
19:30:37.0859 1740 Mup - ok
19:30:37.0862 1740 napagent - ok
19:30:37.0865 1740 NativeWifiP - ok
19:30:37.0868 1740 NDIS - ok
19:30:37.0877 1740 NdisCap - ok
19:30:37.0879 1740 NdisTapi - ok
19:30:37.0895 1740 Ndisuio - ok
19:30:37.0898 1740 NdisWan - ok
19:30:37.0901 1740 NDProxy - ok
19:30:37.0949 1740 Net Driver HPZ12 - ok
19:30:37.0955 1740 NetBIOS - ok
19:30:37.0962 1740 NetBT - ok
19:30:37.0968 1740 Netlogon - ok
19:30:37.0974 1740 Netman - ok
19:30:37.0987 1740 NetMsmqActivator - ok
19:30:37.0991 1740 NetPipeActivator - ok
19:30:37.0994 1740 netprofm - ok
19:30:37.0997 1740 NetTcpActivator - ok
19:30:38.0000 1740 NetTcpPortSharing - ok
19:30:38.0003 1740 nfrd960 - ok
19:30:38.0006 1740 NlaSvc - ok
19:30:38.0008 1740 nmwcd - ok
19:30:38.0032 1740 nmwcdc - ok
19:30:38.0035 1740 Npfs - ok
19:30:38.0037 1740 nsi - ok
19:30:38.0040 1740 nsiproxy - ok
19:30:38.0044 1740 Ntfs - ok
19:30:38.0046 1740 Null - ok
19:30:38.0052 1740 nvraid - ok
19:30:38.0063 1740 nvstor - ok
19:30:38.0067 1740 nv_agp - ok
19:30:38.0070 1740 ohci1394 - ok
19:30:38.0073 1740 p2pimsvc - ok
19:30:38.0075 1740 p2psvc - ok
19:30:38.0078 1740 Parport - ok
19:30:38.0080 1740 partmgr - ok
19:30:38.0083 1740 PcaSvc - ok
19:30:38.0089 1740 pccsmcfd - ok
19:30:38.0092 1740 pci - ok
19:30:38.0094 1740 pciide - ok
19:30:38.0097 1740 pcmcia - ok
19:30:38.0099 1740 pcw - ok
19:30:38.0102 1740 PEAUTH - ok
19:30:38.0110 1740 PerfHost - ok
19:30:38.0116 1740 pla - ok
19:30:38.0129 1740 PlugPlay - ok
19:30:38.0155 1740 Pml Driver HPZ12 - ok
19:30:38.0174 1740 PnkBstrA - ok
19:30:38.0180 1740 PNRPAutoReg - ok
19:30:38.0187 1740 PNRPsvc - ok
19:30:38.0193 1740 PolicyAgent - ok
19:30:38.0209 1740 Power - ok
19:30:38.0223 1740 PptpMiniport - ok
19:30:38.0226 1740 Processor - ok
19:30:38.0229 1740 ProfSvc - ok
19:30:38.0231 1740 ProtectedStorage - ok
19:30:38.0236 1740 Psched - ok
19:30:38.0245 1740 pwdrvio - ok
19:30:38.0262 1740 pwdspio - ok
19:30:38.0271 1740 ql2300 - ok
19:30:38.0275 1740 ql40xx - ok
19:30:38.0278 1740 QWAVE - ok
19:30:38.0280 1740 QWAVEdrv - ok
19:30:38.0283 1740 RasAcd - ok
19:30:38.0289 1740 RasAgileVpn - ok
19:30:38.0296 1740 RasAuto - ok
19:30:38.0299 1740 Rasl2tp - ok
19:30:38.0309 1740 RasMan - ok
19:30:38.0313 1740 RasPppoe - ok
19:30:38.0321 1740 RasSstp - ok
19:30:38.0324 1740 rdbss - ok
19:30:38.0326 1740 rdpbus - ok
19:30:38.0330 1740 RDPCDD - ok
19:30:38.0335 1740 RDPENCDD - ok
19:30:38.0339 1740 RDPREFMP - ok
19:30:38.0342 1740 RDPWD - ok
19:30:38.0345 1740 rdyboost - ok
19:30:38.0348 1740 RemoteAccess - ok
19:30:38.0351 1740 RemoteRegistry - ok
19:30:38.0353 1740 RFCOMM - ok
19:30:38.0368 1740 RimUsb - ok
19:30:38.0387 1740 RimVSerPort - ok
19:30:38.0393 1740 ROOTMODEM - ok
19:30:38.0396 1740 RpcEptMapper - ok
19:30:38.0399 1740 RpcLocator - ok
19:30:38.0402 1740 RpcSs - ok
19:30:38.0405 1740 rspndr - ok
19:30:38.0445 1740 rspSanity - ok
19:30:38.0452 1740 RTHDMIAzAudService - ok
19:30:38.0467 1740 RTL8167 - ok
19:30:38.0479 1740 rtl8192se - ok
19:30:38.0482 1740 SamSs - ok
19:30:38.0503 1740 SASDIFSV - ok
19:30:38.0525 1740 SASKUTIL - ok
19:30:38.0532 1740 sbp2port - ok
19:30:38.0565 1740 SCardSvr - ok
19:30:38.0571 1740 scfilter - ok
19:30:38.0578 1740 Schedule - ok
19:30:38.0585 1740 SCPolicySvc - ok
19:30:38.0605 1740 sdbus - ok
19:30:38.0610 1740 SDRSVC - ok
19:30:38.0625 1740 secdrv - ok
19:30:38.0630 1740 seclogon - ok
19:30:38.0639 1740 SENS - ok
19:30:38.0644 1740 SensrSvc - ok
19:30:38.0648 1740 Serenum - ok
19:30:38.0659 1740 Serial - ok
19:30:38.0669 1740 sermouse - ok
19:30:38.0678 1740 ServiceLayer - ok
19:30:38.0685 1740 SessionEnv - ok
19:30:38.0688 1740 SetupARService - ok
19:30:38.0691 1740 sffdisk - ok
19:30:38.0694 1740 sffp_mmc - ok
19:30:38.0697 1740 sffp_sd - ok
19:30:38.0699 1740 sfloppy - ok
19:30:38.0703 1740 SharedAccess - ok
19:30:38.0706 1740 ShellHWDetection - ok
19:30:38.0709 1740 SiSRaid2 - ok
19:30:38.0712 1740 SiSRaid4 - ok
19:30:38.0724 1740 SkypeUpdate - ok
19:30:38.0739 1740 SliceDisk5 - ok
19:30:38.0746 1740 Smb - ok
19:30:38.0760 1740 SNMPTRAP - ok
19:30:38.0763 1740 spldr - ok
19:30:38.0766 1740 Spooler - ok
19:30:38.0769 1740 sppsvc - ok
19:30:38.0772 1740 sppuinotify - ok
19:30:38.0791 1740 sptd - ok
19:30:38.0794 1740 srv - ok
19:30:38.0797 1740 srv2 - ok
19:30:38.0799 1740 srvnet - ok
19:30:38.0814 1740 SSDPSRV - ok
19:30:38.0817 1740 SstpSvc - ok
19:30:38.0855 1740 Steam Client Service - ok
19:30:38.0862 1740 stexstor - ok
19:30:38.0869 1740 stisvc - ok
19:30:38.0875 1740 swenum - ok
19:30:38.0879 1740 swprv - ok
19:30:38.0891 1740 SynTP - ok
19:30:38.0896 1740 SysMain - ok
19:30:38.0901 1740 TabletInputService - ok
19:30:38.0905 1740 TapiSrv - ok
19:30:38.0908 1740 TBS - ok
19:30:38.0923 1740 Tcpip - ok
19:30:38.0932 1740 TCPIP6 - ok
19:30:38.0937 1740 tcpipreg - ok
19:30:38.0941 1740 TDPIPE - ok
19:30:38.0944 1740 TDTCP - ok
19:30:38.0947 1740 tdx - ok
19:30:38.0950 1740 TermDD - ok
19:30:38.0953 1740 TermService - ok
19:30:38.0956 1740 Themes - ok
19:30:38.0959 1740 THREADORDER - ok
19:30:38.0961 1740 TrkWks - ok
19:30:38.0968 1740 truecrypt - ok
19:30:38.0971 1740 TrustedInstaller - ok
19:30:38.0976 1740 tssecsrv - ok
19:30:39.0018 1740 TsUsbFlt - ok
19:30:39.0032 1740 tunnel - ok
19:30:39.0039 1740 uagp35 - ok
19:30:39.0045 1740 udfs - ok
19:30:39.0056 1740 UI0Detect - ok
19:30:39.0072 1740 uliagpkx - ok
19:30:39.0081 1740 umbus - ok
19:30:39.0103 1740 UmPass - ok
19:30:39.0106 1740 upnphost - ok
19:30:39.0133 1740 upperdev - ok
19:30:39.0136 1740 usbccgp - ok
19:30:39.0139 1740 usbcir - ok
19:30:39.0142 1740 usbehci - ok
19:30:39.0145 1740 usbhub - ok
19:30:39.0148 1740 usbohci - ok
19:30:39.0151 1740 usbprint - ok
19:30:39.0155 1740 usbscan - ok
19:30:39.0186 1740 usbser - ok
19:30:39.0198 1740 UsbserFilt - ok
19:30:39.0201 1740 USBSTOR - ok
19:30:39.0204 1740 usbuhci - ok
19:30:39.0213 1740 usbvideo - ok
19:30:39.0216 1740 UxSms - ok
19:30:39.0219 1740 VaultSvc - ok
19:30:39.0225 1740 vdrvroot - ok
19:30:39.0228 1740 vds - ok
19:30:39.0231 1740 vga - ok
19:30:39.0235 1740 VgaSave - ok
19:30:39.0238 1740 vhdmp - ok
19:30:39.0241 1740 viaide - ok
19:30:39.0245 1740 volmgr - ok
19:30:39.0248 1740 volmgrx - ok
19:30:39.0252 1740 volsnap - ok
19:30:39.0254 1740 vsmraid - ok
19:30:39.0257 1740 VSS - ok
19:30:39.0260 1740 vwifibus - ok
19:30:39.0272 1740 vwififlt - ok
19:30:39.0277 1740 vwifimp - ok
19:30:39.0280 1740 W32Time - ok
19:30:39.0285 1740 WacomPen - ok
19:30:39.0293 1740 wampapache - ok
19:30:39.0296 1740 wampmysqld - ok
19:30:39.0306 1740 WANARP - ok
19:30:39.0313 1740 Wanarpv6 - ok
19:30:39.0342 1740 WatAdminSvc - ok
19:30:39.0345 1740 wbengine - ok
19:30:39.0348 1740 WbioSrvc - ok
19:30:39.0352 1740 wcncsvc - ok
19:30:39.0355 1740 WcsPlugInService - ok
19:30:39.0358 1740 Wd - ok
19:30:39.0361 1740 Wdf01000 - ok
19:30:39.0364 1740 WdiServiceHost - ok
19:30:39.0368 1740 WdiSystemHost - ok
19:30:39.0371 1740 WebClient - ok
19:30:39.0374 1740 Wecsvc - ok
19:30:39.0376 1740 wercplsupport - ok
19:30:39.0384 1740 WerSvc - ok
19:30:39.0388 1740 WfpLwf - ok
19:30:39.0391 1740 WIMMount - ok
19:30:39.0394 1740 WinDefend - ok
19:30:39.0400 1740 WinHttpAutoProxySvc - ok
19:30:39.0404 1740 Winmgmt - ok
19:30:39.0407 1740 WinRM - ok
19:30:39.0438 1740 WinUsb - ok
19:30:39.0441 1740 Wlansvc - ok
19:30:39.0458 1740 wlidsvc - ok
19:30:39.0468 1740 WmiAcpi - ok
19:30:39.0473 1740 wmiApSrv - ok
19:30:39.0476 1740 WMPNetworkSvc - ok
19:30:39.0480 1740 WPCSvc - ok
19:30:39.0483 1740 WPDBusEnum - ok
19:30:39.0485 1740 ws2ifsl - ok
19:30:39.0488 1740 wscsvc - ok
19:30:39.0491 1740 WSearch - ok
19:30:39.0496 1740 wuauserv - ok
19:30:39.0499 1740 WudfPf - ok
19:30:39.0503 1740 WUDFRd - ok
19:30:39.0506 1740 wudfsvc - ok
19:30:39.0509 1740 WwanSvc - ok
19:30:39.0512 1740 X10Hid - ok
19:30:39.0515 1740 x10nets - ok
19:30:39.0556 1740 XAMPP - ok
19:30:39.0578 1740 xnacc - ok
19:30:39.0611 1740 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:30:39.0932 1740 \Device\Harddisk0\DR0 - ok
19:30:39.0933 1740 ============================================================
19:30:39.0933 1740 Scan finished
19:30:39.0933 1740 ============================================================
19:30:39.0948 5672 Detected object count: 0
19:30:39.0948 5672 Actual detected object count: 0

#6
pacha

ASWMBR
Fix is disabled, FIX MBR is enabled

log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-31 19:38:19
-----------------------------
19:38:19.229 OS Version: Windows x64 6.1.7601 Service Pack 1
19:38:19.230 Number of processors: 8 586 0x1E05
19:38:19.231 ComputerName: PACHA-PC UserName: Pacha
19:38:19.782 Initialze error C0000022 - driver not loaded
19:38:19.844 AVAST engine defs: 12033100
19:38:25.324 Service scanning
19:38:41.873 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:38:47.511 Modules scanning
19:38:47.522 Scan finished successfully
19:40:07.164 The log file has been saved successfully to "C:\Users\Pacha\Desktop\aswMBR.txt"

#7
pacha

Malwarebytes Anti-Malware log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Version de la base de données: v2012.03.31.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pacha :: PACHA-PC [administrateur]

31/03/2012 19:43:53
mbam-log-2012-03-31 (19-43-53).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 214833
Temps écoulé: 5 minute(s), 34 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

#8
pacha

next OTL log

OTL.txt

OTL logfile created on: 31/03/2012 19:53:10 - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = G:\Installateurs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,98 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 37,13% Memory free
5,96 Gb Paging File | 3,67 Gb Available in Paging File | 61,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 130,30 Gb Total Space | 10,78 Gb Free Space | 8,27% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 22,06 Gb Free Space | 73,53% Space Free | Partition Type: NTFS
Drive F: | 1,00 Gb Total Space | 0,82 Gb Free Space | 81,56% Space Free | Partition Type: NTFS
Drive G: | 304,35 Gb Total Space | 6,29 Gb Free Space | 2,07% Space Free | Partition Type: NTFS

Computer Name: PACHA-PC | User Name: Pacha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/27 12:20:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- G:\Installateurs\OTL.exe
PRC - [2012/03/17 19:47:01 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 04:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 04:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/14 19:40:28 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/03 17:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/07 05:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
PRC - [2009/07/09 17:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe
PRC - [2007/09/05 08:59:02 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe
PRC - [2007/09/05 08:59:02 | 000,024,635 | ---- | M] (Apache Software Foundation) -- c:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe
PRC - [2007/06/15 15:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/17 19:47:01 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/03/13 19:39:55 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/16 10:05:01 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b57bd70800db9e03c97550eafc2306f0\IAStorUtil.ni.dll
MOD - [2012/02/16 08:51:43 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/16 08:51:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 08:50:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/16 08:50:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/16 08:49:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/16 08:49:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 08:49:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 08:49:17 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/13 19:00:36 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll
MOD - [2011/10/13 17:59:53 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/13 04:54:34 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/07/14 19:23:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/12 01:13:23 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/03/07 04:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/11/23 14:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2011/08/12 03:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/08 07:25:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/10/02 20:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 05:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/03/30 12:55:54 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/17 05:09:56 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/31 15:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/25 09:56:30 | 009,690,112 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2012/01/14 19:40:28 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/01/03 17:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/25 16:36:00 | 000,311,928 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files (x86)\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2011/09/26 10:06:54 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/08/15 11:42:13 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/07 05:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009/07/09 17:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2009/06/11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/05 08:59:02 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe -- (doliwampapache)
SRV - [2007/07/06 13:14:02 | 005,730,304 | ---- | M] () [Auto | Stopped] -- c:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe -- (doliwampmysqld)
SRV - [2007/06/15 15:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys -- (SliceDisk5)
DRV:64bit: - [2012/03/30 13:02:44 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/07 04:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 04:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 04:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 04:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 04:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 04:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/14 00:49:42 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/01/01 23:28:23 | 000,026,200 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/15 11:48:23 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011/08/15 11:47:54 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/07/22 20:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/21 18:54:25 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/07/13 01:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/07/08 08:15:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/08 06:47:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/04 11:36:32 | 000,029,752 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rspSanity64.sys -- (rspSanity)
DRV:64bit: - [2011/03/11 10:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 10:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 17:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 14:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 13:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/04/09 13:17:04 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010/04/09 13:16:58 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010/02/25 18:11:57 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/25 18:11:55 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/02/25 18:11:55 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/02/25 18:11:55 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/25 18:11:55 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/27 11:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 05:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 04:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 04:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 14:26:14 | 000,015,896 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10hid.sys -- (X10Hid)
DRV:64bit: - [2009/01/09 18:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/20 21:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2011/07/21 19:55:50 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)
DRV - [2009/07/14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D A5 A8 41 13 13 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files (x86)\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/07/02 14:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/09 10:47:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 19:47:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/18 12:48:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/18 12:48:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/03/06 10:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pacha\AppData\Roaming\mozilla\Extensions
[2010/06/23 13:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pacha\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/31 16:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions
[2010/11/26 23:38:19 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\bniiube8.Rabota\extensions\[email protected]
[2012/03/31 16:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions
[2012/03/07 09:38:33 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]
[2010/09/07 09:28:30 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]
[2011/02/22 20:30:05 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]
[2011/12/03 15:15:25 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]
[2011/12/03 15:20:28 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Users\Pacha\AppData\Roaming\mozilla\Firefox\Profiles\c2csyrgv.default\extensions\[email protected]
[2012/03/31 16:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/17 19:47:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 09:44:31 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/12/21 09:44:31 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011/12/21 09:44:31 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/12/21 09:44:31 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Pacha\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Pacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Ma-Config.com plugin (Enabled) = C:\Program Files (x86)\ma-config.com\nphardwaredetection.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Pacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: \u041F\u043E\u0438\u0441\u043A Google = C:\Users\Pacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Skype Click to Call = C:\Users\Pacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Pacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/31 18:43:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Pacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk = C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe (VirtuaWin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{204CC7E4-04EB-4111-B18C-959A7888C54D}: NameServer = 195.34.31.50,62.112.106.130
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: COMODO - hkey= - key= - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
MsConfig:64bit - StartUpReg: CPA - hkey= - key= - C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
MsConfig:64bit - StartUpReg: iMON - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: YouCam Mirror Tray icon - hkey= - key= - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: CLPSLS - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: CLPSLS - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 19:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/31 19:42:42 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/31 19:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/31 19:41:59 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Pacha\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/31 19:32:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Pacha\Desktop\aswMBR.exe
[2012/03/31 19:03:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/31 18:27:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/31 18:27:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/31 18:27:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/31 18:27:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/31 18:26:21 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Pacha\Desktop\tdsskiller.exe
[2012/03/31 18:25:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/31 17:07:53 | 004,452,676 | R--- | C] (Swearware) -- C:\Users\Pacha\Desktop\ComboFix.exe
[2012/03/30 13:18:21 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\Registry Mechanic
[2012/03/30 13:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/03/30 13:02:44 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/03/30 13:02:25 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\OpenCandy
[2012/03/30 13:02:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/03/30 12:55:53 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/30 12:18:39 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Local\PackageAware
[2012/03/30 00:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
[2012/03/29 23:47:00 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Local\Focus Home Interactive
[2012/03/29 23:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focus Home Interactive
[2012/03/28 22:40:46 | 000,029,752 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\drivers\rspSanity64.sys
[2012/03/28 20:06:42 | 000,264,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/03/28 20:06:42 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/03/28 20:06:42 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/03/28 20:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/28 09:21:24 | 000,000,000 | ---D | C] -- C:\Users\Pacha\Desktop\games
[2012/03/28 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\Pacha\Desktop\a lire
[2012/03/27 17:26:22 | 000,000,000 | ---D | C] -- C:\Users\Pacha\Desktop\Doc commerciale ru
[2012/03/27 17:08:12 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\Malwarebytes
[2012/03/27 17:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/27 10:21:56 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\VirtuaWin
[2012/03/27 10:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirtuaWin
[2012/03/27 10:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtuaWin
[2012/03/27 01:06:33 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Local\3DVIA
[2012/03/27 01:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\3DVIA
[2012/03/27 01:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtools
[2012/03/15 13:03:08 | 000,000,000 | ---D | C] -- C:\Users\Pacha\.rssowl2
[2012/03/15 13:02:59 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RSSOwl
[2012/03/15 13:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSSOwl
[2012/03/15 13:02:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSSOwl
[2012/03/14 13:59:21 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 13:59:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 13:59:13 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 13:59:13 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 13:59:06 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 13:59:06 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/13 10:54:20 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\HP
[2012/03/13 10:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012/03/13 10:51:38 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510g-m
[2012/03/13 10:50:56 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l70w.dll
[2012/03/13 10:50:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/03/13 10:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/03/13 10:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/03/13 10:49:01 | 001,418,240 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwtiop5.dll
[2012/03/13 10:49:01 | 000,979,456 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpwwiax6.dll
[2012/03/13 10:49:01 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2012/03/13 10:49:01 | 000,503,296 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwvst01.dll
[2012/03/13 10:48:58 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2012/03/05 23:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/03/05 23:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
[2012/03/05 23:22:28 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\FreeVideoConverter
[2012/03/02 07:07:36 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/03/02 07:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/03/02 07:07:33 | 000,000,000 | ---D | C] -- C:\Users\Pacha\AppData\Roaming\Notepad++
[2012/03/02 07:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/31 19:46:39 | 000,061,440 | ---- | M] ( ) -- C:\Users\Pacha\Desktop\VEW.exe
[2012/03/31 19:42:12 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Pacha\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/31 19:33:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Pacha\Desktop\aswMBR.exe
[2012/03/31 19:27:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 19:01:01 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 18:43:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/31 18:26:24 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Pacha\Desktop\tdsskiller.exe
[2012/03/31 17:08:33 | 004,452,676 | R--- | M] (Swearware) -- C:\Users\Pacha\Desktop\ComboFix.exe
[2012/03/31 17:08:14 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 17:08:14 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/31 17:01:06 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/31 17:00:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/31 17:00:17 | 2401,808,384 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/30 13:05:37 | 001,662,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/30 13:05:37 | 000,735,468 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/03/30 13:05:37 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/30 13:05:37 | 000,148,390 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/03/30 13:05:37 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/30 13:02:44 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/03/30 12:55:53 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/30 12:55:53 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/30 12:15:20 | 000,012,001 | ---- | M] () -- C:\Users\Pacha\AppData\Local\Temp35.html
[2012/03/30 12:14:30 | 000,001,293 | ---- | M] () -- C:\Users\Pacha\AppData\Local\Temp1.html
[2012/03/30 01:04:19 | 000,944,103 | ---- | M] () -- C:\Users\Pacha\Desktop\IMG_1951.JPG
[2012/03/29 17:04:04 | 000,024,574 | ---- | M] () -- C:\Users\Pacha\.recently-used.xbel
[2012/03/28 20:06:34 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/03/28 20:06:34 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/28 20:06:34 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/03/28 20:06:34 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/03/28 20:06:34 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/03/27 10:21:53 | 000,000,997 | ---- | M] () -- C:\Users\Pacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk
[2012/03/26 20:26:55 | 000,015,873 | ---- | M] () -- C:\Users\Pacha\Desktop\prospection itycom.odt
[2012/03/25 04:08:41 | 000,000,206 | ---- | M] () -- C:\Windows\SysWow64\cffac7_d.ocx
[2012/03/19 00:35:33 | 000,280,856 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/03/19 00:35:33 | 000,280,856 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/18 03:32:03 | 000,280,856 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/03/16 12:41:31 | 000,295,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/15 13:03:00 | 000,001,857 | ---- | M] () -- C:\Users\Pacha\Desktop\RSSOwl.lnk
[2012/03/15 13:02:59 | 000,001,881 | ---- | M] () -- C:\Users\Pacha\Application Data\Microsoft\Internet Explorer\Quick Launch\RSSOwl.lnk
[2012/03/12 01:13:38 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012/03/12 01:13:20 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012/03/12 01:13:18 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012/03/12 01:13:17 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012/03/09 10:47:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/07 04:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/07 04:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/07 04:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/07 04:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/07 04:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/07 04:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/07 04:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/07 04:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/07 04:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/31 19:46:12 | 000,061,440 | ---- | C] ( ) -- C:\Users\Pacha\Desktop\VEW.exe
[2012/03/31 18:27:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/31 18:27:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/31 18:27:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/31 18:27:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/31 18:27:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/30 12:57:09 | 000,002,007 | ---- | C] () -- C:\Users\Pacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/03/30 12:55:56 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/30 12:15:20 | 000,012,001 | ---- | C] () -- C:\Users\Pacha\AppData\Local\Temp35.html
[2012/03/30 01:03:48 | 000,944,103 | ---- | C] () -- C:\Users\Pacha\Desktop\IMG_1951.JPG
[2012/03/29 17:04:04 | 000,024,574 | ---- | C] () -- C:\Users\Pacha\.recently-used.xbel
[2012/03/28 22:41:17 | 000,001,293 | ---- | C] () -- C:\Users\Pacha\AppData\Local\Temp1.html
[2012/03/27 10:21:53 | 000,000,997 | ---- | C] () -- C:\Users\Pacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk
[2012/03/20 15:20:48 | 000,015,873 | ---- | C] () -- C:\Users\Pacha\Desktop\prospection itycom.odt
[2012/03/15 13:03:00 | 000,001,857 | ---- | C] () -- C:\Users\Pacha\Desktop\RSSOwl.lnk
[2012/03/15 13:02:59 | 000,001,881 | ---- | C] () -- C:\Users\Pacha\Application Data\Microsoft\Internet Explorer\Quick Launch\RSSOwl.lnk
[2011/11/18 22:15:58 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/09/14 03:49:47 | 000,280,856 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/14 03:49:36 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/11 23:36:51 | 001,630,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/08 20:50:41 | 000,683,801 | ---- | C] () -- C:\Users\Pacha\AppData\Roaming\unins000.exe
[2011/09/08 20:50:41 | 000,038,494 | ---- | C] () -- C:\Users\Pacha\AppData\Roaming\unins000.dat
[2011/09/08 20:05:53 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\snEUps.dll
[2011/07/14 18:31:06 | 000,003,584 | ---- | C] () -- C:\Users\Pacha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/07 23:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 21:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/13 22:55:41 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/11/13 22:55:41 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/11/13 22:55:41 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/11/13 22:55:41 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/11/13 22:55:41 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/11/13 22:55:41 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/11/13 22:55:41 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/11/13 22:55:41 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/11/13 22:55:41 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/11/13 22:55:41 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/11/13 22:55:41 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/11/13 22:55:41 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/11/13 22:55:41 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/11/13 22:55:41 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/11/13 22:55:41 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/11/13 22:55:41 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/11/13 22:55:41 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/11/13 22:55:41 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/11/13 22:55:41 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/06/11 17:41:17 | 000,007,629 | ---- | C] () -- C:\Users\Pacha\AppData\Local\Resmon.ResmonCfg
[2010/06/11 16:34:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/11 14:57:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/11 14:36:49 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010/06/11 14:36:48 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010/06/11 14:23:23 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/03/30 13:29:00 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Adobe
[2010/06/23 12:37:19 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\albumart
[2010/11/27 05:57:52 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Apple Computer
[2010/06/11 16:36:26 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\ATI
[2012/03/30 21:45:18 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Azureus
[2011/01/24 16:05:01 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Blackberry Desktop
[2011/11/12 17:36:08 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\CheckPoint
[2012/01/02 00:47:46 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\CyberLink
[2012/03/30 00:24:32 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\DAEMON Tools Lite
[2010/08/29 17:01:17 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\dvdcss
[2011/08/04 17:32:47 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Eidos
[2012/03/15 18:54:51 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\FileZilla
[2012/03/30 20:46:46 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\foobar2000
[2011/05/26 19:29:57 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\fotw
[2011/09/18 22:29:04 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\FreeFLVConverter
[2012/03/08 16:56:02 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\FreeVideoConverter
[2011/09/11 15:23:44 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Friday's games
[2012/02/14 01:09:14 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\GHISLER
[2010/09/14 15:31:35 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Grisbi
[2012/03/16 18:20:32 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\gtk-2.0
[2011/11/07 09:48:44 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\HARVEST S.A
[2012/03/13 10:54:20 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\HP
[2010/07/26 19:05:21 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\HU2011
[2011/03/25 03:31:30 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\HyperLobby
[2010/06/11 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Identities
[2011/03/29 13:36:08 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\iExpert Software
[2011/12/31 17:42:41 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\InfraRecorder
[2011/03/10 02:22:00 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\inkscape
[2010/06/11 14:21:37 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\InstallShield
[2010/06/11 14:28:11 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Intel Corporation
[2011/03/15 01:15:44 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Kalypso Media
[2011/11/22 18:45:01 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\KompoZer
[2010/06/11 19:21:25 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Macromedia
[2012/03/27 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Malwarebytes
[2009/07/14 19:35:05 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Media Center Programs
[2011/09/24 17:37:01 | 000,000,000 | --SD | M] -- C:\Users\Pacha\AppData\Roaming\Microsoft
[2010/06/11 14:39:08 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Mozilla
[2010/06/23 01:11:22 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Mp3tag
[2011/04/03 17:13:01 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\MusicBrainz
[2012/03/27 16:45:53 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\NCH Software
[2012/02/19 21:19:06 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Nokia
[2012/03/27 17:06:27 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Notepad++
[2011/07/07 17:19:10 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Nvu
[2012/03/30 13:02:28 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\OpenCandy
[2010/06/11 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\OpenOffice.org
[2011/03/17 23:28:52 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Opera
[2012/02/19 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\PC Suite
[2011/12/19 12:47:23 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\QIP
[2011/03/09 01:56:10 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Quest3D
[2011/02/13 02:03:08 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Raptr
[2012/03/30 13:18:21 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Registry Mechanic
[2010/12/11 04:30:22 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Research In Motion
[2011/09/08 23:28:16 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Sarbacane Software
[2011/07/11 14:35:07 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\SecondLife
[2011/09/08 23:32:37 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\SendBlaster2
[2012/03/31 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Skype
[2011/07/01 09:00:31 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\skypePM
[2011/12/02 15:49:25 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\SOUNDGRAPH
[2011/08/13 04:27:11 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/17 13:55:36 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\TeamViewer
[2011/06/04 05:47:07 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\The Creative Assembly
[2010/06/23 13:35:21 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Thunderbird
[2012/03/30 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Tropico3
[2012/03/12 02:51:33 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\TrueCrypt
[2011/07/26 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\TS3Client
[2011/05/28 02:26:33 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\ts3overlay
[2010/07/14 17:25:25 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Ubisoft
[2011/08/15 10:38:36 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Uniblue
[2011/08/09 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\updatetool
[2012/03/27 10:21:56 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\VirtuaWin
[2012/03/20 01:45:16 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\vlc
[2010/09/02 12:10:39 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\VoipBuster
[2011/09/04 22:50:55 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\Winamp
[2011/12/01 02:32:27 | 000,000,000 | ---D | M] -- C:\Users\Pacha\AppData\Roaming\XnView

< MD5 for: ATAPI.SYS >
[2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 09:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 10:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 10:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 10:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 10:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 16:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 17:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 05:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 05:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 05:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 05:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 05:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 05:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 16:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 16:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 16:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 17:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 17:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 17:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 17:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 17:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 17:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/17 19:46:58 | 000,836,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/17 19:46:58 | 000,836,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/17 19:46:58 | 000,836,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/03/17 19:47:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/03/17 19:47:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/17 19:47:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/27 06:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/27 06:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/27 06:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/03/27 06:28:45 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/12 00:04:06 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/12 00:04:06 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/12 00:04:06 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/12 00:04:06 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/05/12 00:04:06 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/03/17 19:46:58 | 000,836,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/03/17 19:46:58 | 000,836,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/03/17 19:46:58 | 000,836,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/03/17 19:47:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/03/17 19:47:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/03/17 19:47:01 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/03/27 06:28:45 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/03/27 06:28:45 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/03/27 06:28:45 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/03/27 06:28:45 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/12 00:04:06 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/12 00:04:06 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/12 00:04:06 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/12 00:04:06 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/05/12 00:04:06 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

#9
pacha

  • Topic Starter
  • 16 posts
Extra.txt OTL log. Should I reinstall it in English to get a log in English for you?

OTL Extras logfile created on: 31/03/2012 19:53:10 - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = G:\Installateurs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,98 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 37,13% Memory free
5,96 Gb Paging File | 3,67 Gb Available in Paging File | 61,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 130,30 Gb Total Space | 10,78 Gb Free Space | 8,27% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 22,06 Gb Free Space | 73,53% Space Free | Partition Type: NTFS
Drive F: | 1,00 Gb Total Space | 0,82 Gb Free Space | 81,56% Space Free | Partition Type: NTFS
Drive G: | 304,35 Gb Total Space | 6,29 Gb Free Space | 2,07% Space Free | Partition Type: NTFS

Computer Name: PACHA-PC | User Name: Pacha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{212DB3F2-8354-C08F-29C2-DC0194218F56}" = ATI AVIVO64 Codecs
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java™ 7 Update 3 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{58EC015E-BA77-A331-0F49-C344EFF7A5D5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{83D663BF-E9AF-0C6B-D278-BB8F90EDA304}" = ATI Catalyst Install Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F0D50B6D-925D-D70A-DB07-1FB44C611789}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Package de pilotes Windows - Nokia Modem (02/25/2011 7.01.0.9)
"B24074592222CFC1B8ABF520F9089E49FB1763D7" = Windows Driver Package - Broadcom Bluetooth (05/27/2009 6.1.7100.0)
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Package de pilotes Windows - Nokia Modem (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05653DE1-6567-40C6-B930-39D399B64369}" = OpenOffice.org 3.3
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B19A54C-3692-4D12-BFD9-1362DD34CE78}" = Ma-Config.com
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{333F3B34-0374-4B2C-9A23-EA6294D82772}" = HyperLobby client
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4854F47F-5865-4DA4-B15A-EB1783928E48}" = ClickImpôts first step 2011.3.023
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57F8108C-886F-9424-DB1D-9A5E51ED13C4}" = Catalyst Control Center Graphics Previews Common
"{5B461E1D-1DB0-0BB2-132F-D77C56838FF3}" = Catalyst Control Center InstallProxy
"{61C25DE5-8236-62C2-795F-05DBA452B1B5}" = Catalyst Control Center Localization All
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{658BC6B8-549E-58B3-4FD1-56CF7E3094CB}" = Catalyst Control Center
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72FC0445-FE6D-4E12-815B-3A8C5E3704DA}_is1" = GroupMail :: Free Edition
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{809A3BCA-2B18-4B8D-A0DB-3AE01BCFAB4F}" = Hama Whitestorm Pad
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DD6892C-C9A8-404B-95ED-1CCE15324178}" = BlackBerry App World Browser Plugin
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AAEEC072-B5EE-48F7-6E69-6A285ACFBBA5}" = HydraVision
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1CBB2A3-2797-6C12-5317-D100F3BD0A76}" = CCC Help English
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D8A790CB-CF32-4135-AAAE-6BA5A75C5DBF}" = OSCAR Editor
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Album Art Downloader XUI" = Album Art Downloader XUI 0.37.1
"Album Cover Art Downloader" = Album Cover Art Downloader 1.6.6
"Ant Movie Catalog Viewer_is1" = Ant Movie Catalog Viewer 1.6
"Ant Movie Catalog_is1" = Ant Movie Catalog
"avast" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Cities XL 2012" = Cities XL 2012
"DAEMON Tools Lite" = DAEMON Tools Lite
"doliwamp_is1" = DoliWamp-3.1.0
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EVEREST Ultimate Edition v5.50" = EVEREST Ultimate Edition v5.50
"FileHippo.com" = FileHippo.com Update Checker
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.1.11
"Google Chrome" = Google Chrome
"Grisbi 0.6.0 release" = Grisbi 0.6.0 release
"Inkscape" = Inkscape 0.47
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{D8A790CB-CF32-4135-AAAE-6BA5A75C5DBF}" = Anti-Vibrate Oscar Editor
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 fr)" = Mozilla Firefox 11.0 (x86 fr)
"Mozilla Thunderbird 11.0.1 (x86 fr)" = Mozilla Thunderbird 11.0.1 (x86 fr)
"Mp3tag" = Mp3tag v2.46a
"MusicBrainz Picard" = MusicBrainz Picard
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Patrician 4_is1" = Patrician 4
"Postal 2_is1" = Portal 2
"Psi" = Psi (remove only)
"PunkBusterSvc" = PunkBuster Services
"RSSOwl" = RSSOwl
"Scribus 1.3.3.14" = Scribus 1.3.3.14
"Steam App 12840" = DiRT 2
"Steam App 15320" = IL-2 Sturmovik: 1946
"SugarCRM on FastStack 6.2.2" = SugarCRM on FastStack
"The Elder Scrolls 5.Skyrim.v 1.3.10.0_is1" = The Elder Scrolls 5.Skyrim.v 1.3.10.0
"Total War Shogun 2_is1" = Total War Shogun 2
"TrueCrypt" = TrueCrypt
"VirtuaWin_is1" = VirtuaWin v4.3
"vis_milk.dllWinamp" = MilkDrop for Winamp 2x (remove only)
"VLC media player" = VLC media player 1.1.11
"WampServer 2_is1" = WampServer 2.2
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"X10Hardware" = X10 Hardware™
"Тропико 3 Абсолютная власть_is1" = Тропико 3 Абсолютная власть

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3
"Gnumeric" = Gnumeric Spreadsheet 1.10.16-20110616
"pdfsam" = pdfsam
"QIP 2012" = QIP 2012 4.0.7058
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/11/2011 13:43:05 | Computer Name = Pacha-PC | Source = SetupARService | ID = 0
Description = Le service ne peut pas etre demarre. System.NullReferenceException:
La reference d'objet n'est pas definie a une instance d'un objet. a SetupAfterRebootService.SetupARService.OnStart(String[]
args) a System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 30/11/2011 17:50:07 | Computer Name = Pacha-PC | Source = SideBySide | ID = 16842832
Description = La creation du contexte d’activation a echoue pour « G:\Installateurs\SoftonicDownloader_pour_free-flv-converter.exe ».
Erreur dans le fichier de manifeste ou de strategie «  » a la ligne . Une version
de composant necessaire a l’application est en conflit avec une autre version de
composant deja active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 30/11/2011 17:50:07 | Computer Name = Pacha-PC | Source = SideBySide | ID = 16842832
Description = La creation du contexte d’activation a echoue pour « G:\Installateurs\SoftonicDownloader_pour_freez-3gp-video-converter.exe ».
Erreur dans le fichier de manifeste ou de strategie «  » a la ligne . Une version
de composant necessaire a l’application est en conflit avec une autre version de
composant deja active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 30/11/2011 21:02:53 | Computer Name = Pacha-PC | Source = Application Hang | ID = 1002
Description = Le programme ExifToolGUI.exe version 3.38.2.0 a cesse d’interagir
avec Windows et a ete ferme. Pour determiner si des informations supplementaires
sont disponibles, consultez l’historique du probleme dans le Centre de maintenance.

ID
de processus : 1c70 Heure de debut : 01ccafb217ca7fd8 Heure de fin : 18 Chemin d’acces
de l’application : G:\Installateurs\Photographie\exiftoolgui\ExifToolGUI.exe ID
de rapport : 2fc1d2e8-1bb8-11e1-b4ab-4061861ea25c

Error - 01/12/2011 04:12:25 | Computer Name = Pacha-PC | Source = SetupARService | ID = 0
Description = Le service ne peut pas etre demarre. System.NullReferenceException:
La reference d'objet n'est pas definie a une instance d'un objet. a SetupAfterRebootService.SetupARService.OnStart(String[]
args) a System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 01/12/2011 16:41:59 | Computer Name = Pacha-PC | Source = SetupARService | ID = 0
Description = Le service ne peut pas etre demarre. System.NullReferenceException:
La reference d'objet n'est pas definie a une instance d'un objet. a SetupAfterRebootService.SetupARService.OnStart(String[]
args) a System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 01/12/2011 20:33:21 | Computer Name = Pacha-PC | Source = SideBySide | ID = 16842832
Description = La creation du contexte d’activation a echoue pour « G:\Installateurs\SoftonicDownloader_pour_freez-3gp-video-converter.exe ».
Erreur dans le fichier de manifeste ou de strategie «  » a la ligne . Une version
de composant necessaire a l’application est en conflit avec une autre version de
composant deja active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 01/12/2011 20:33:21 | Computer Name = Pacha-PC | Source = SideBySide | ID = 16842832
Description = La creation du contexte d’activation a echoue pour « G:\Installateurs\SoftonicDownloader_pour_free-flv-converter.exe ».
Erreur dans le fichier de manifeste ou de strategie «  » a la ligne . Une version
de composant necessaire a l’application est en conflit avec une autre version de
composant deja active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 01/12/2011 20:36:17 | Computer Name = Pacha-PC | Source = SetupARService | ID = 0
Description = Le service ne peut pas etre demarre. System.NullReferenceException:
La reference d'objet n'est pas definie a une instance d'un objet. a SetupAfterRebootService.SetupARService.OnStart(String[]
args) a System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 01/12/2011 20:41:21 | Computer Name = Pacha-PC | Source = SetupARService | ID = 0
Description = Le service ne peut pas etre demarre. System.NullReferenceException:
La reference d'objet n'est pas definie a une instance d'un objet. a SetupAfterRebootService.SetupARService.OnStart(String[]
args) a System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

[ Media Center Events ]
Error - 08/04/2011 03:12:13 | Computer Name = Pacha-PC | Source = MCUpdate | ID = 0
Description = 11:12:13 - Erreur de connexion a Internet. 11:12:13 - Impossible
de contacter le service..

Error - 08/04/2011 03:12:58 | Computer Name = Pacha-PC | Source = MCUpdate | ID = 0
Description = 11:12:45 - Erreur de connexion a Internet. 11:12:45 - Impossible
de contacter le service..

Error - 08/04/2011 19:10:37 | Computer Name = Pacha-PC | Source = MCUpdate | ID = 0
Description = 03:10:37 - Erreur de connexion a Internet. 03:10:37 - Impossible
de contacter le service..

Error - 08/04/2011 19:10:47 | Computer Name = Pacha-PC | Source = MCUpdate | ID = 0
Description = 03:10:43 - Erreur de connexion a Internet. 03:10:43 - Impossible
de contacter le service..

Error - 08/04/2011 20:10:52 | Computer Name = Pacha-PC | Source = MCUpdate | ID = 0
Description = 04:10:52 - Erreur de connexion a Internet. 04:10:52 - Impossible
de contacter le service..

Error - 08/04/2011 20:10:58 | Computer Name = Pacha-PC | Source = MCUpdate | ID = 0
Description = 04:10:57 - Erreur de connexion a Internet. 04:10:57 - Impossible
de contacter le service..

Error - 08/04/2011 21:11:04 | Computer Name = Pacha-PC | Source = MCUpdate | ID = 0
Description = 05:11:04 - Erreur de connexion a Internet. 05:11:04 - Impossible
de contacter le service..

Error - 08/04/2011 21:11:54 | Computer Name = Pacha-PC | Source = MCUpdate | ID = 0
Description = 05:11:14 - Erreur de connexion a Internet. 05:11:14 - Impossible
de contacter le service..

Error - 08/04/2011 22:11:58 | Computer Name = Pacha-PC | Source = MCUpdate | ID = 0
Description = 06:11:58 - Erreur de connexion a Internet. 06:11:58 - Impossible
de contacter le service..

Error - 08/04/2011 22:12:04 | Computer Name = Pacha-PC | Source = MCUpdate | ID = 0
Description = 06:12:03 - Erreur de connexion a Internet. 06:12:03 - Impossible
de contacter le service..

[ System Events ]
Error - 30/03/2012 06:33:31 | Computer Name = Pacha-PC | Source = Service Control Manager | ID = 7009
Description = Le depassement de delai (30000 millisecondes) a ete atteint lors de
l’attente de la connexion du service SetupARService.

Error - 30/03/2012 06:33:31 | Computer Name = Pacha-PC | Source = Service Control Manager | ID = 7000
Description = Le service SetupARService n’a pas pu demarrer en raison de l’erreur :
%%1053

Error - 30/03/2012 13:45:42 | Computer Name = Pacha-PC | Source = DCOM | ID = 10010
Description =

Error - 31/03/2012 08:28:02 | Computer Name = Pacha-PC | Source = Service Control Manager | ID = 7009
Description = Le depassement de delai (30000 millisecondes) a ete atteint lors de
l’attente de la connexion du service SetupARService.

Error - 31/03/2012 08:28:02 | Computer Name = Pacha-PC | Source = Service Control Manager | ID = 7000
Description = Le service SetupARService n’a pas pu demarrer en raison de l’erreur :
%%1053

Error - 31/03/2012 08:59:16 | Computer Name = Pacha-PC | Source = DCOM | ID = 10010
Description =

Error - 31/03/2012 10:29:34 | Computer Name = Pacha-PC | Source = Service Control Manager | ID = 7034
Description = Le service doliwampmysqld s’est termine de facon inattendue pour la
1eme fois.

Error - 31/03/2012 10:33:52 | Computer Name = Pacha-PC | Source = Service Control Manager | ID = 7030
Description = Le service PEVSystemStart est marque comme etant interactif. Cependant,
le systeme est configure pour ne pas autoriser les services interactifs. Ce service
peut ne pas fonctionner correctement.

Error - 31/03/2012 10:38:34 | Computer Name = Pacha-PC | Source = Application Popup | ID = 1060
Description = Le chargement de \??\C:\ComboFix\catchme.sys a ete bloque en raison
d’une incompatibilite avec ce systeme. Contactez l’editeur de votre logiciel pour
obtenir une version compatible du pilote.

Error - 31/03/2012 10:44:02 | Computer Name = Pacha-PC | Source = Service Control Manager | ID = 7030
Description = Le service PEVSystemStart est marque comme etant interactif. Cependant,
le systeme est configure pour ne pas autoriser les services interactifs. Ce service
peut ne pas fonctionner correctement.


< End of report >

Edited by pacha, 31 March 2012 - 10:19 AM.

  • 0

#10
pacha

pacha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
vew log system

Vino's Event Viewer v01c run on Windows 2008 in French
Report run at 31/03/2012 20:54:09

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Erreur Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/03/2012 16:50:31
Type: Erreur Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
Le serveur {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Log: 'System' Date/Time: 31/03/2012 16:25:52
Type: Erreur Category: 0
Event: 7000 Source: Service Control Manager
Le service Hôte de périphérique UPnP n’a pas pu démarrer en raison de l’erreur : L’échec d’une ouverture de session a empêché le démarrage du service.

Log: 'System' Date/Time: 31/03/2012 16:25:52
Type: Erreur Category: 0
Event: 7038 Source: Service Control Manager
Le service upnphost n’a pas pu ouvrir de session en tant que NT AUTHORITY\LocalService avec le mot de passe actuellement configuré en raison de l’erreur suivante : Cette demande n’est pas prise en charge. Pour vous assurer que le service est configuré correctement, utilisez le composant logiciel enfichable Services dans Microsoft Management Console (MMC).

Log: 'System' Date/Time: 31/03/2012 16:25:53
Type: Erreur Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM a reçu l’erreur "1069" lors de la mise en route du service upnphost avec les arguments "" pour démarrer le serveur : {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 31/03/2012 16:25:35
Type: Erreur Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
Le serveur {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Log: 'System' Date/Time: 31/03/2012 16:25:26
Type: Erreur Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
Le serveur {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Avertissement Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/03/2012 16:50:47
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Log: 'System' Date/Time: 31/03/2012 16:26:04
Type: Avertissement Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
Le Service d’autoconfiguration WLAN s’est arrêté correctement.
  • 0



#11
pacha

pacha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
vew log application

Vino's Event Viewer v01c run on Windows 2008 in French
Report run at 31/03/2012 21:02:02

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Erreur Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 31/03/2012 16:52:11
Type: Erreur Category: 0
Event: 0 Source: SetupARService
Le service ne peut pas être démarré. System.NullReferenceException: La référence d'objet n'est pas définie à une instance d'un objet. à SetupAfterRebootService.SetupARService.OnStart(String[] args) à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Log: 'Application' Date/Time: 31/03/2012 16:27:20
Type: Erreur Category: 0
Event: 0 Source: SetupARService
Le service ne peut pas être démarré. System.NullReferenceException: La référence d'objet n'est pas définie à une instance d'un objet. à SetupAfterRebootService.SetupARService.OnStart(String[] args) à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Avertissement Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 31/03/2012 16:52:17
Type: Avertissement Category: 3
Event: 3086 Source: Microsoft-Windows-Search
Les paramètres régionaux du système ont changé. Les données existantes vont être supprimées et l’index doit être recréé.

Contexte : Application , Catalogue SystemIndex
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
I can read the French logs OK so no problem.

Looks like you have a problem with your Audio and Video Drivers.

SetupARService is something from Realtek Audio. Supposedly it runs just the one time after an install and then goes away but for some reason yours is sticking around. I would get the latest Audio driver from your PC maker's website and see if that helps.

The Video driver:
http://forum.noteboo...11-10-whql.html
should correct the DCOM errors.


You have two old Java programs that need to be uninstalled:

Java™ 6 Update 22
Java™ 6 Update 26
Get the latest version from java.com but use your 32 bit IE or Firefox as you already have the latest for 64 bit.

Do you know what these are?
R2 doliwampmysqld;doliwampmysqld;c:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe doliwampmysqld [x]
S2 doliwampapache;doliwampapache;c:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 24635]

Are you still getting bad searches?
  • 0

#13
pacha

pacha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thank you for your answer.

I still have the bad searches.
  • 0

#14
pacha

pacha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
R2 doliwampmysqld;doliwampmysqld;c:\dolibarr\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe doliwampmysqld [x]
S2 doliwampapache;doliwampapache;c:\dolibarr\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 24635]

This is an ERP installed locally. It's OK.
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
This appears to be a variation of SearchQu.

If you are not in Russia then I think you also have a DNS hijacker (perhaps your router has also been compromised and needs to be reset?).


1. Click "Start," (click "Settings,") click "Control Panel," click "Network and Sharing Center," and then click "View Status", Click "Properties,"
2. Click on Internet Protocol Version 4 (TCP/IPv4) (On the text not the check box) then Click on Properties

3. Click "Use the following DNS server addresses," and then type 4.2.2.1 in the Preferred DNS server and 8.8.8.8 in the Alternate DNS server boxes.

4. Click "OK" and close all of the windows that have opened.

Reboot and see if you have the same problem.

First uninstall DAEMON Tools Lite as DTS may stand for Daemon Tools Search.

Then follow the instructions here:

http://deletemalware...tall-guide.html

If you can't find an entry then go on to the next step.

You probably won't see Searchqu but your redirector uses the same {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} so you may see Bandoo Media.

You can use Regseeker to remove the registry entries instead of editing it directly:

http://www.hoverdesk.net/freeware.htm
The download is where it says:
DOWNLOAD RegSeeker 1.55 (>20 languages included !)
It's a zip file so you have to save it then right click on it and Extract All then run regseeker.exe.

Select Find in Registry then have it look for {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} . You can then select all and then right click and delete selected. (Before you delete them look to see what name it is using instead of searchqu. You can run a second search on the new name) It puts a copy of the stuff it removes in the backups folder which it creates below the folder it is in so if it doesn't work you can go back and replace it.

RegSeeker also has a registry cleaner but I don't really trust registry cleaners so I'd rather you didn't use it.
  • 0
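The two-pass search described in post #15 (find the GUID, note the name it is registered under, then search again on that name) can also be done read-only against a registry export before anything is deleted. This is an added example, not part of the thread or of RegSeeker; it assumes a text export such as one written by `reg export`, and the embedded sample is constructed.

```python
import re

GUID = "{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}"  # identifier quoted in post #15

# Constructed sample in "reg export" text format. The key locations are standard
# Windows ones; every name, path and value in it is invented for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}]
"DisplayName"="Bandoo Media"
"UninstallString"="\"C:\\Program Files (x86)\\Example\\uninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9bb47c17-9c68-4bb3-b188-dd9af0fd2414}]
@="Example Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}"="C:\\Program Files (x86)\\Example\\ff"
"{11111111-2222-3333-4444-555555555555}"="C:\\Program Files\\Other\\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo Media\Settings]
"Flags"=hex:01,00,\
  00,00
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s):
    # .reg strings escape backslash and double quote with a leading backslash
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key_path: {value_name: data}}; '@' is the key's default value."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continues on the next line
            pending = line[:-1]
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])   # string value; others kept raw
            current[name] = data
    return keys


def load_export(path):
    """Read a file written by 'reg export' (UTF-16 with a BOM)."""
    with open(path, encoding="utf-16") as fh:
        return parse_reg(fh.read())


def find_references(keys, needle):
    """List (key, value_name, data) wherever needle appears, ignoring case."""
    n, hits = needle.lower(), []
    for path, values in keys.items():
        if n in path.lower():
            # The whole key belongs to the component: report all of its values.
            rows = list(values.items()) or [("", "")]
            hits += [(path, name, data) for name, data in rows]
        else:
            hits += [(path, name, data) for name, data in values.items()
                     if n in name.lower() or n in data.lower()]
    return hits


def pivot_names(hits):
    """Names the component registers under, to use for the second search."""
    return sorted({d for _, name, d in hits if name in ("DisplayName", "@") and d})


if __name__ == "__main__":
    keys = parse_reg(SAMPLE_REG)
    first = find_references(keys, GUID)
    for path, name, data in first:
        print(f"{path}\n    {name} = {data}")
    seen = {p for p, _, _ in first}
    for label in pivot_names(first):
        extra = {p for p, _, _ in find_references(keys, label)} - seen
        print(f"second pass on {label!r} adds: {sorted(extra)}")
```

On the sample, the second pass surfaces a settings key that never mentions the GUID, which is why the post suggests searching on the new name as well.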





